Fortinet 606 FortiWeb 5.0 Patch 6 Administration Guide
Monitoring currently blocked IPs
Log&Report > Monitor > Blocked IPs displays all client IP addresses whose requests the
FortiWeb appliance is temporarily blocking because the client violated a rule whose Action is
Period Block. Since at any given time a period block might be applied by one server policy but
not by another, client IPs are sorted by and listed under the names of server policies.
If a client was inadvertently blocked due to a false positive, you can immediately release it from
being blocked by clicking the Delete icon next to its entry in this table. (If it is being blocked by
multiple policies, you should delete the client’s entry under each policy name. Otherwise, the
client will still be blocked by some policies.)
Alternatively, the IP address will automatically be removed from the list when its block period
expires.
To access this part of the web UI, your administrator’s account access profile must have Read
and Write permission to items in the Log & Report category. For details, see “Permissions” on
page 47.
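Because the listing is per policy and entries expire on their own, fully releasing a client means finding every policy that still blocks it. The following added example (not from this guide or from Fortinet) works that out, and also counts how often each client has been period-blocked. It runs on constructed records in a hypothetical CSV layout; the column names and policy names are assumptions, not a FortiWeb export format.

```python
import csv, io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data in a hypothetical CSV layout (not a FortiWeb export format):
# block start time, server policy that applied the period block, client IP, block length.
SAMPLE = """time,policy,src_ip,block_seconds
2014-03-01T10:00:00,policy-web,192.0.2.10,600
2014-03-01T10:03:00,policy-web,198.51.100.7,60
2014-03-01T10:20:00,policy-web,192.0.2.10,600
2014-03-01T10:40:00,policy-web,192.0.2.10,600
2014-03-01T10:42:00,policy-api,192.0.2.10,600
2014-03-01T10:41:00,policy-api,203.0.113.5,600
"""

def load(text):
    """Parse records into (start, end, policy, ip) tuples."""
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        start = datetime.fromisoformat(r["time"])
        end = start + timedelta(seconds=int(r["block_seconds"]))
        rows.append((start, end, r["policy"], r["src_ip"]))
    return rows

def active_blocks(rows, now):
    """Map each IP still blocked at `now` to every policy blocking it."""
    active = defaultdict(set)
    for start, end, policy, ip in rows:
        if start <= now < end:  # expired blocks drop out on their own
            active[ip].add(policy)
    return {ip: sorted(p) for ip, p in active.items()}

def repeat_clients(rows, min_blocks=3):
    """IPs period-blocked at least `min_blocks` times, with per-policy counts."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, _, policy, ip in rows:
        counts[ip][policy] += 1
    return {ip: dict(c) for ip, c in counts.items() if sum(c.values()) >= min_blocks}

if __name__ == "__main__":
    rows = load(SAMPLE)
    now = datetime.fromisoformat("2014-03-01T10:45:00")
    print("entries to delete per client:", active_blocks(rows, now))
    print("clients to review:", repeat_clients(rows))
```

A client returned by `repeat_clients` still needs a human decision: the count shows recurrence, not whether the blocks were correct.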
If a client is frequently and correctly added to the period block list, and is a suspected attacker, you
may be able to improve both security and performance by permanently blacklisting that source
IP address. See “Blacklisting & whitelisting clients individually by source IP” on page 335 and
“Sequence of scans” on page 23.
If the client is not an attacker, in addition to removing his or her IP from this list, you may need
to adjust the configuration that caused the period block, such as adjusting DoS protection so
that it does not block normal request rates. Otherwise, the client may quickly reappear in the
period block list.
See also
Blacklisting & whitelisting clients individually by source IP
Configuring a protection profile for inline topologies
Configuring a protection profile for an out-of-band topology or asynchronous mode of operation
FortiGuard updates
One of the most important things you can do is to ensure that your FortiWeb is receiving regular
updates from the FortiGuard FortiWeb Web Security service and FortiGuard Antivirus service.
Without these updates, your FortiWeb cannot detect the newest threats.
Event logs record FortiGuard update attempts. In addition to scheduling polls for automatic
updates, you can also manually update the service packages or initiate a connectivity test to
the FDN at any time. For details, see “Connecting to FortiGuard services” on page 134.