diff --git a/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2 b/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2
index cddbecd..844ace1 100644
--- a/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2
+++ b/roles/basesecurity/templates/fail2ban/jail.d/local.conf.j2
@@ -7,3 +7,6 @@ enabled = true
 bantime  = 600
 findtime  = 600
 maxretry = 5
+
+# Whitelist bastion
+ignoreip = 10.128.0.254