Solved

Fortigate Message

Posted on 2014-03-28
9
894 Views
Last Modified: 2014-04-11
Hi Experts,

I have set up a policy in my Forti firewall and blocking P2P applications.
I get messages that EDONKEY is running somewhere.
But when I check the computer, I cannot find anything.
Can you help me to understand the alert ?

See here:

Message meets Alert condition
date=2014-03-28 time=07:27:13 devname=myforti device_id=*** log_id=0022000003 type=traffic subtype=violation  pri=warning status=deny vd="root" src=192.168.212.48 srcname=192.168.212.48 src_port=58198 dst=81.19.104.27 dstname=81.19.104.27 dst_country="Spain" src_country="Reserved" dst_port=443 service=HTTPS proto=6 app_type=eDonkey duration=60 rule=66 policyid=66 identidx=0 sent=92 rcvd=52 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port14" dst_int="port16" SN=167064872 app="eDonkey" app_cat="P2P" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A" subapp="eDonkey" subappcat="P2P"
0
Comment
Question by:Eprs_Admin
  • 5
  • 3
9 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39962427
Looks like it's identifying some https traffic as edonkey:
dst_port=443 service=HTTPS

Are you running the latest firmware, to make sure UTM definitions are current?
0
 
LVL 8

Assisted Solution

by:myramu
myramu earned 167 total points
ID: 39965246
Hello,

Looks like its an IPS signature issue. It would be better to get in touch with Fortinet support team.

Good Luck!
0
 

Author Comment

by:Eprs_Admin
ID: 39965896
ok thanks.
I will check latest firmware version this week.
0
 

Author Comment

by:Eprs_Admin
ID: 39965916
we have this firmware running:
v4.0,build0665,130514 (MR3 Patch 14)
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 17

Assisted Solution

by:TimotiSt
TimotiSt earned 333 total points
ID: 39966158
4.0 Patch 14 is reasonably new. If it's just a bogus, you can disable that specific UTM rule, or get support from Fortigate.
0
 

Author Comment

by:Eprs_Admin
ID: 39966180
no I want this rule, because I will block all P2P applications.
0
 
LVL 17

Accepted Solution

by:
TimotiSt earned 333 total points
ID: 39966196
Then I'd say open a ticket with Fortinet support, get them to check it out for you.
0
 

Author Comment

by:Eprs_Admin
ID: 39966210
ok, can I just open a ticket with them when I have an active license ?
0
 

Author Comment

by:Eprs_Admin
ID: 39985278
since one week no answer from Fortinet.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now