Fortigate Firewall Deny Log False Positive
Posted on 2014-11-30
Our company uses a Fortigate firewall. We recently extracted the deny firewall log and found that there are many false-alarm deny log entries. For example, we found this deny log entry:
Source IP      Source Port   Destination IP   Destination Port   Action
10.106.53.78   67890         172.17.15.9      443                Deny
But I could actually telnet to port 443 from 10.106.53.79 to 172.17.15.9 without any problem, and was connected during the time the log entries were produced.
I found many similar incidents in the firewall log and wonder if anyone knows the root cause or of any misconfiguration on the device.
Thank you for your insight in advance.