If you control the FortiGate firewall or can talk to the admin:
Why this works: The IPS engine completely bypasses inspection for that traffic.
Best for: Pentesters, internal devs, automated scans.
Sometimes FortiGuard blocks because of Web Filtering or Application Control, not IPS. Check the block page:
Few things are more frustrating than staring at a “Blocked by FortiGuard Intrusion Prevention” message—especially when you’re a security researcher, a pentester, or an admin trying to access your own internal resource.
FortiGuard IPS is powerful. It’s designed to stop known exploits, SQLi attempts, and suspicious payloads before they reach your server. But sometimes it blocks legitimate traffic (a false positive) or gets in the way of an authorized penetration test.
So how do you get around it without compromising security or breaking the law? Let’s walk through the ethical and technical methods.
Intrusion Prevention Systems must reassemble packets before inspection—and that takes resources. You can exploit this with TCP fragmentation or HTTP chunked encoding.
If you're a network administrator or an authorized user trying to access a resource that's being blocked:
