Solved

Fortigate Firewall Deny Log False Positive

Posted on 2014-11-30
2
275 Views
Last Modified: 2014-12-06
Our company use a Fortigate Firewall. We have recently extract the Deny Firewall Log and find out that there are many false Alarm Deny Log. For example we found the deny log Entries

Source IP             Source Port                   Destination IP     Destination Port   Action
10.106.53.78             67890                          172.17.15.9                    443            Deny

But I could actually telnet the 443 port from 10.106.53.79 to 172.17.15.9 without any problem and connected during the time the log entries produced.

I found many incidents on the firewall log similar case and wonder if any know the root cause or any misconfiguration on the device.

Thank you for your insight in advance.

Patrick
0
Comment
Question by:patricktam
2 Comments
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40473424
Telnet is one of FW Predefined services (Firewall Objects > Service > Predefined) using TCP 23. May want to check policy on the service configurations. You can reference this simple example in http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31014&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=66105316&stateId=0%200%2066103683

You can also check out the PDF on the section for "How to verify if traffic is hitting the basic security policy" to see the active sessions, bytes or packets or use diag debug flow commands to show traffic is
hitting the security policy. There is also session information display in Policy > Monitor > Session Monitor.

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortigate-firewall-40-mr3pdf&sliceId=&docTypeID=DT_PRODUCTDOCUMENTATION_1_1&dialogID=66105316&stateId=0%200%2066103683
0
 

Author Closing Comment

by:patricktam
ID: 40485194
Thanks for the comment.
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
If your business is like most, chances are you still need to maintain a fax infrastructure for your staff. It’s hard to believe that a communication technology that was thriving in the mid-80s could still be an essential part of your team’s modern I…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now