Fortigate Message

Hi Experts,

I have set up a policy in my Forti firewall and am blocking P2P applications.
I get messages that EDONKEY is running somewhere.
But when I check the computer, I cannot find anything.
Can you help me understand the alert?

See here:

Message meets Alert condition
date=2014-03-28 time=07:27:13 devname=myforti device_id=*** log_id=0022000003 type=traffic subtype=violation  pri=warning status=deny vd="root" src=192.168.212.48 srcname=192.168.212.48 src_port=58198 dst=81.19.104.27 dstname=81.19.104.27 dst_country="Spain" src_country="Reserved" dst_port=443 service=HTTPS proto=6 app_type=eDonkey duration=60 rule=66 policyid=66 identidx=0 sent=92 rcvd=52 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port14" dst_int="port16" SN=167064872 app="eDonkey" app_cat="P2P" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A" subapp="eDonkey" subappcat="P2P"
Asked by Eprs_Admin (System Architect)
 
TimotiSt (Datacenter Technician) commented:
Then I'd say open a ticket with Fortinet support, get them to check it out for you.
 
TimotiSt (Datacenter Technician) commented:
Looks like it's identifying some https traffic as edonkey:
dst_port=443 service=HTTPS

Are you running the latest firmware, to make sure UTM definitions are current?
 
myramu commented:
Hello,

Looks like it's an IPS signature issue. It would be better to get in touch with the Fortinet support team.

Good Luck!
 
Eprs_Admin (System Architect, author) commented:
OK, thanks.
I will check the latest firmware version this week.
 
Eprs_Admin (System Architect, author) commented:
We have this firmware running:
v4.0,build0665,130514 (MR3 Patch 14)
 
TimotiSt (Datacenter Technician) commented:
4.0 Patch 14 is reasonably new. If it's just bogus, you can disable that specific UTM rule, or get support from Fortigate.
 
Eprs_Admin (System Architect, author) commented:
No, I want this rule, because I will block all P2P applications.
 
Eprs_Admin (System Architect, author) commented:
OK, can I just open a ticket with them when I have an active license?
 
Eprs_Admin (System Architect, author) commented:
For one week now, no answer from Fortinet.
Question has a verified solution.
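
The alert in the question can be split into its key=value fields to show what TimotiSt pointed out: a P2P (eDonkey) application label on a flow to HTTPS port 443. The Python below is an added example, not part of the original thread or any Fortinet tooling; the function names are hypothetical, and the sample line is the question's log trimmed to the fields used.

```python
import shlex

# Log line from the question above, trimmed to the fields used here.
SAMPLE = ('date=2014-03-28 time=07:27:13 devname=myforti type=traffic '
          'subtype=violation pri=warning status=deny src=192.168.212.48 '
          'src_port=58198 dst=81.19.104.27 dst_country="Spain" dst_port=443 '
          'service=HTTPS proto=6 duration=60 policyid=66 sent=92 rcvd=52 '
          'src_int="port14" dst_int="port16" app="eDonkey" app_cat="P2P"')

def parse_fortigate(line):
    """Split a key=value log line into a dict; quoted values may contain spaces."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:  # ignore stray words that carry no '='
            fields[key] = value
    return fields

def triage(fields):
    """Pull out what is needed to locate the host and judge the alert."""
    return {
        "when": f'{fields.get("date")} {fields.get("time")}',
        "client": f'{fields.get("src")}:{fields.get("src_port")}',
        "server": f'{fields.get("dst")}:{fields.get("dst_port")}',
        "action": fields.get("status"),
        "policy": fields.get("policyid"),
        "app": fields.get("app"),
        "bytes": int(fields.get("sent", 0)) + int(fields.get("rcvd", 0)),
        # The pattern noted in the thread: P2P label on a flow to HTTPS/443.
        "p2p_on_https": fields.get("app_cat") == "P2P"
                        and fields.get("service") == "HTTPS"
                        and fields.get("dst_port") == "443",
    }

def summarize(lines):
    """Count P2P-on-HTTPS hits per (client IP, server IP) pair."""
    counts = {}
    for line in lines:
        f = parse_fortigate(line)
        if triage(f)["p2p_on_https"]:
            pair = (f.get("src"), f.get("dst"))
            counts[pair] = counts.get(pair, 0) + 1
    return counts

if __name__ == "__main__":
    print(triage(parse_fortigate(SAMPLE)))
```

Running `summarize` over all such alerts shows whether the hits come from one client talking to one HTTPS server, which is useful detail to attach to a support ticket.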