
Fortigate Firewall Deny Log False Positive

Posted on 2014-11-30
Last Modified: 2014-12-06
Our company uses a Fortigate firewall. We have recently extracted the deny firewall log and found that there are many false-alarm deny log entries. For example, we found this deny log entry:

Source IP       Source Port   Destination IP   Destination Port   Action
10.106.53.78    67890         172.17.15.9      443                Deny

But I could actually telnet to port 443 from 10.106.53.79 to 172.17.15.9 without any problem, and was connected during the time the log entries were produced.

I found many similar incidents in the firewall log and wonder if anyone knows the root cause or of any misconfiguration on the device.

Thank you for your insight in advance.

Patrick
Question by:patricktam
Accepted Solution

by: btan (earned 1500 total points)
ID: 40473424
Telnet is one of the FW predefined services (Firewall Objects > Service > Predefined), using TCP 23. You may want to check the policy on the service configurations. You can reference this simple example at http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31014&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=66105316&stateId=0%200%2066103683

You can also check out the PDF, in the section "How to verify if traffic is hitting the basic security policy", to see the active sessions, bytes or packets, or use diag debug flow commands to show that traffic is hitting the security policy. Session information is also displayed in Policy > Monitor > Session Monitor.

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortigate-firewall-40-mr3pdf&sliceId=&docTypeID=DT_PRODUCTDOCUMENTATION_1_1&dialogID=66105316&stateId=0%200%2066103683
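
An added example, not part of the original thread: before treating a deny entry as a false alarm, check that the extracted row is well formed and that the manual test reproduced the same flow the firewall logged. The sample row is the one quoted in the question; the function names and the comparison rule (source port ignored) are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass

# Sample input: the deny entry quoted in the question, in the same column layout.
DENY_LOG = """\
Source IP       Source Port   Destination IP   Destination Port   Action
10.106.53.78    67890         172.17.15.9      443                Deny
"""

@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int

def parse_deny_rows(text):
    """Return a (Flow, problems) pair per Deny row; problems names fields that cannot be valid."""
    rows = []
    for line in text.splitlines()[1:]:              # skip the header row
        parts = line.split()
        if len(parts) != 5 or parts[4].lower() != "deny":
            continue
        src, sport, dst, dport, _ = parts
        problems = []
        for name, addr in (("source IP", src), ("destination IP", dst)):
            try:
                ipaddress.ip_address(addr)
            except ValueError:
                problems.append(f"{name} {addr} is not an IP address")
        for name, port in (("source port", sport), ("destination port", dport)):
            if not port.isdigit() or int(port) > 65535:
                problems.append(f"{name} {port} is outside 0-65535")
        to_int = lambda p: int(p) if p.isdigit() else -1
        rows.append((Flow(src, to_int(sport), dst, to_int(dport)), problems))
    return rows

def probe_mismatches(deny, probe_src, probe_dst, probe_dport):
    """List the fields in which a manual connectivity test differs from the denied flow.
    The source port is ignored: a client picks a new ephemeral port per connection."""
    pairs = (("source", probe_src, deny.src), ("destination", probe_dst, deny.dst),
             ("destination port", probe_dport, deny.dport))
    return [f"{name} {got} != logged {want}" for name, got, want in pairs if got != want]

if __name__ == "__main__":
    for flow, problems in parse_deny_rows(DENY_LOG):
        print(flow, problems)
        # The telnet test described in the question: 10.106.53.79 -> 172.17.15.9:443
        print(probe_mismatches(flow, "10.106.53.79", "172.17.15.9", 443))
```

A non-empty result from `probe_mismatches` means the test exercised a different flow, so a successful connection says nothing about whether the logged deny was correct.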

Author Closing Comment

by:patricktam
ID: 40485194
Thanks for the comment.