Solved

Fortigate Message

Posted on 2014-03-28
9
Medium Priority
1,088 Views
Last Modified: 2014-04-11
Hi Experts,

I have set up a policy in my Forti firewall that blocks P2P applications.
I get messages that EDONKEY is running somewhere.
But when I check the computer, I cannot find anything.
Can you help me to understand the alert?

See here:

Message meets Alert condition
date=2014-03-28 time=07:27:13 devname=myforti device_id=*** log_id=0022000003 type=traffic subtype=violation  pri=warning status=deny vd="root" src=192.168.212.48 srcname=192.168.212.48 src_port=58198 dst=81.19.104.27 dstname=81.19.104.27 dst_country="Spain" src_country="Reserved" dst_port=443 service=HTTPS proto=6 app_type=eDonkey duration=60 rule=66 policyid=66 identidx=0 sent=92 rcvd=52 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port14" dst_int="port16" SN=167064872 app="eDonkey" app_cat="P2P" user="N/A" group="N/A" msg="N/A" carrier_ep="N/A" profilegroup="N/A" subapp="eDonkey" subappcat="P2P"
Question by:Eprs_Admin
9 Comments
 
LVL 17

Expert Comment

by:TimotiSt
ID: 39962427
Looks like it's identifying some https traffic as edonkey:
dst_port=443 service=HTTPS

Are you running the latest firmware, to make sure UTM definitions are current?
0
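The comment above points at the two fields that make this hit suspicious (service=HTTPS, dst_port=443). The following is an added triage helper, not code from the thread or from Fortinet: it parses FortiGate key=value traffic log lines (quoted values may contain spaces) and flags P2P app-control hits that landed on HTTPS/443 for manual review. The first sample line is the one from the question; the second is a constructed line for comparison.

```python
import re
from typing import Dict, List

# Sample input. Line 1 is the log line from the question above; line 2 is a
# constructed P2P hit on a non-HTTPS port, which looks like a genuine match.
SAMPLE_LOGS = [
    'date=2014-03-28 time=07:27:13 devname=myforti device_id=*** log_id=0022000003 '
    'type=traffic subtype=violation  pri=warning status=deny vd="root" '
    'src=192.168.212.48 srcname=192.168.212.48 src_port=58198 dst=81.19.104.27 '
    'dstname=81.19.104.27 dst_country="Spain" src_country="Reserved" dst_port=443 '
    'service=HTTPS proto=6 app_type=eDonkey duration=60 rule=66 policyid=66 '
    'identidx=0 sent=92 rcvd=52 vpn="N/A" vpn_type=UNKNOWN(65535) src_int="port14" '
    'dst_int="port16" SN=167064872 app="eDonkey" app_cat="P2P" user="N/A" msg="N/A"',
    'date=2014-03-28 time=07:30:00 devname=myforti type=traffic subtype=violation '
    'pri=warning status=deny src=192.168.212.50 src_port=4662 dst=10.0.0.9 '
    'dst_port=4662 service=TCP/4662 proto=6 app_type=eDonkey policyid=66 '
    'app="eDonkey" app_cat="P2P"',
]

# key=value pairs; a value is either a double-quoted string or a run of non-space chars
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Parse one FortiGate key=value log line into a dict, stripping quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def needs_review(event: Dict[str, str]) -> bool:
    """True for P2P app-control hits on HTTPS/443: those deserve a second look
    before assuming a real eDonkey client is present on the source host."""
    if event.get("app_cat") != "P2P":
        return False
    return event.get("service") == "HTTPS" or event.get("dst_port") == "443"


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Reduce each log line to the fields an analyst needs plus a review flag."""
    results = []
    for line in lines:
        ev = parse_fortigate_line(line)
        results.append({
            "src": ev.get("src"), "dst": ev.get("dst"),
            "dst_port": ev.get("dst_port"), "app": ev.get("app"),
            "review": needs_review(ev),
        })
    return results


if __name__ == "__main__":
    for row in triage(SAMPLE_LOGS):
        print(row)
```

Rows with review=True are candidates for an app-control false positive; the source host can still be checked, but the firewall log alone does not prove an eDonkey client is installed.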
 
LVL 8

Assisted Solution

by:myramu
myramu earned 668 total points
ID: 39965246
Hello,

Looks like it's an IPS signature issue. It would be better to get in touch with the Fortinet support team.

Good Luck!
0
 

Author Comment

by:Eprs_Admin
ID: 39965896
OK, thanks.
I will check the latest firmware version this week.
0
 

Author Comment

by:Eprs_Admin
ID: 39965916
we have this firmware running:
v4.0,build0665,130514 (MR3 Patch 14)
0
 
LVL 17

Assisted Solution

by:TimotiSt
TimotiSt earned 1332 total points
ID: 39966158
4.0 Patch 14 is reasonably new. If it's just bogus, you can disable that specific UTM rule, or get support from Fortigate.
0
 

Author Comment

by:Eprs_Admin
ID: 39966180
No, I want this rule, because I will block all P2P applications.
0
 
LVL 17

Accepted Solution

by:TimotiSt
TimotiSt earned 1332 total points
ID: 39966196
Then I'd say open a ticket with Fortinet support, get them to check it out for you.
0
 

Author Comment

by:Eprs_Admin
ID: 39966210
OK, can I just open a ticket with them when I have an active license?
0
 

Author Comment

by:Eprs_Admin
ID: 39985278
No answer from Fortinet for a week now.
0
