[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now


Fortigate Message

Posted on 2014-03-28
Medium Priority
Last Modified: 2014-04-11
Hi Experts,

I have set up a policy in my Forti firewall and blocking P2P applications.
I get messages that EDONKEY is running somewhere.
But when I check the computer, I cannot find anything.
Can you help me to understand the alert ?

See here:

Message meets Alert condition
date=2014-03-28 time=07:27:13 devname=myforti device_id=*** log_id=0022000003 type=traffic subtype=violation  pri=warning status=deny vd="root" src= srcname= src_port=58198 dst= dstname= dst_country="Spain" src_country="Reserved" dst_port=443 service=HTTPS proto=6 app_type=eDonkey duration=60 rule=66 policyid=66 identidx=0 sent=92 rcvd=52 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port14" dst_int="port16" SN=167064872 app="eDonkey" app_cat="P2P" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A" subapp="eDonkey" subappcat="P2P"
Question by:Eprs_Admin
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
LVL 17

Expert Comment

ID: 39962427
Looks like it's identifying some https traffic as edonkey:
dst_port=443 service=HTTPS

Are you running the latest firmware, to make sure UTM definitions are current?

Assisted Solution

myramu earned 668 total points
ID: 39965246

Looks like its an IPS signature issue. It would be better to get in touch with Fortinet support team.

Good Luck!

Author Comment

ID: 39965896
ok thanks.
I will check latest firmware version this week.
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!


Author Comment

ID: 39965916
we have this firmware running:
v4.0,build0665,130514 (MR3 Patch 14)
LVL 17

Assisted Solution

TimotiSt earned 1332 total points
ID: 39966158
4.0 Patch 14 is reasonably new. If it's just a bogus, you can disable that specific UTM rule, or get support from Fortigate.

Author Comment

ID: 39966180
no I want this rule, because I will block all P2P applications.
LVL 17

Accepted Solution

TimotiSt earned 1332 total points
ID: 39966196
Then I'd say open a ticket with Fortinet support, get them to check it out for you.

Author Comment

ID: 39966210
ok, can I just open a ticket with them when I have an active license ?

Author Comment

ID: 39985278
since one week no answer from Fortinet.

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The well known Cerber ransomware continues to spread this summer through spear phishing email campaigns targeting enterprises. Learn how it easily bypasses traditional defenses - and what you can do to protect your data.
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question