Eprs_Admin
asked on
Fortigate Message
Hi Experts,
I have set up a policy in my Forti firewall and am blocking P2P applications.
I get messages that EDONKEY is running somewhere.
But when I check the computer, I cannot find anything.
Can you help me to understand the alert?
See here:
Message meets Alert condition
date=2014-03-28 time=07:27:13 devname=myforti device_id=*** log_id=0022000003 type=traffic subtype=violation pri=warning status=deny vd="root" src=192.168.212.48 srcname=192.168.212.48 src_port=58198 dst=81.19.104.27 dstname=81.19.104.27 dst_country="Spain" src_country="Reserved" dst_port=443 service=HTTPS proto=6 app_type=eDonkey duration=60 rule=66 policyid=66 identidx=0 sent=92 rcvd=52 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port14" dst_int="port16" SN=167064872 app="eDonkey" app_cat="P2P" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A" subapp="eDonkey" subappcat="P2P"
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, thanks.
I will check the latest firmware version this week.
ASKER
We have this firmware running:
v4.0,build0665,130514 (MR3 Patch 14)
SOLUTION
ASKER
No, I want this rule, because I will block all P2P applications.
ASKER CERTIFIED SOLUTION
ASKER
OK, can I just open a ticket with them when I have an active license?
ASKER
No answer from Fortinet for one week.
Are you running the latest firmware, to make sure UTM definitions are current?