Solved

Fortigate Firewall Deny Log False Positive

Posted on 2014-11-30
2
266 Views
Last Modified: 2014-12-06
Our company use a Fortigate Firewall. We have recently extract the Deny Firewall Log and find out that there are many false Alarm Deny Log. For example we found the deny log Entries

Source IP             Source Port                   Destination IP     Destination Port   Action
10.106.53.78             67890                          172.17.15.9                    443            Deny

But I could actually telnet the 443 port from 10.106.53.79 to 172.17.15.9 without any problem and connected during the time the log entries produced.

I found many incidents on the firewall log similar case and wonder if any know the root cause or any misconfiguration on the device.

Thank you for your insight in advance.

Patrick
0
Comment
Question by:patricktam
2 Comments
 
LVL 61

Accepted Solution

by:
btan earned 500 total points
ID: 40473424
Telnet is one of FW Predefined services (Firewall Objects > Service > Predefined) using TCP 23. May want to check policy on the service configurations. You can reference this simple example in http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31014&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=66105316&stateId=0%200%2066103683

You can also check out the PDF on the section for "How to verify if traffic is hitting the basic security policy" to see the active sessions, bytes or packets or use diag debug flow commands to show traffic is
hitting the security policy. There is also session information display in Policy > Monitor > Session Monitor.

http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=fortigate-firewall-40-mr3pdf&sliceId=&docTypeID=DT_PRODUCTDOCUMENTATION_1_1&dialogID=66105316&stateId=0%200%2066103683
0
 

Author Closing Comment

by:patricktam
ID: 40485194
Thanks for the comment.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now