Serxhio
Staff
February 26, 2025

Technical Tip: 'Failed Connection Attempts' or 'IP-Conn' warning logs

Description

This article describes the meaning of specific events seen in the logs.

Scope

FortiGate, Log.

Solution

Normally, 'Failed Connection Attempts' or 'IP-Conn' events occur in the following cases:

 


 

  1. Wrong DNS Queries - When the DNS query returns an unknown host, the 'action' in the log will be 'dns'.
  2. Host not reachable - Upon trying to reach an IP address that does not respond, the 'action' in the log will be 'ip-conn'.
  3. Abnormal termination - If a TCP connection was reset or timed out without FIN, the 'status' in the log will be 'timeout'.
  4. HTTP Error - If the HTTP response code is > 400 (except 401/407), the 'status' in the log will be 'close'.
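
The four cases above can be applied to exported log lines to see which hosts generate which kind of failure. The following is an added example, not code from the article or from Fortinet: it assumes key=value log lines, and the sample lines and the fields `srcip`, `dstip`, `hostname` and `msg` are constructed for illustration; only the `action` and `status` values come from the list above.

```python
import shlex
from collections import Counter, defaultdict

# Field values and causes as listed in the four cases above.
ACTION_CAUSES = {"dns": "wrong DNS query", "ip-conn": "host not reachable"}
STATUS_CAUSES = {"timeout": "abnormal termination", "close": "HTTP error"}

def parse_kv(line):
    """Parse one key=value log line; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote, e.g. a truncated line
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def classify(fields):
    """Return the cause for one event, or None when neither field matches."""
    # Assumption: 'action' is consulted before 'status' if both are present.
    cause = ACTION_CAUSES.get(fields.get("action", "").lower())
    return cause or STATUS_CAUSES.get(fields.get("status", "").lower())

def summarize(lines):
    """Count causes per source address so noisy hosts stand out."""
    per_source = defaultdict(Counter)
    for line in lines:
        fields = parse_kv(line)
        cause = classify(fields)
        if cause:
            per_source[fields.get("srcip", "unknown")][cause] += 1
    return per_source

# Constructed sample lines, not real FortiGate output.
SAMPLE = [
    'srcip=10.0.0.5 dstip=192.0.2.10 action="ip-conn" msg="no reply from host"',
    'srcip=10.0.0.5 dstip=192.0.2.11 action="ip-conn"',
    'srcip=10.0.0.7 hostname="no-such-host.example" action="dns"',
    'srcip=10.0.0.7 dstip=198.51.100.4 status="timeout"',
    'srcip=10.0.0.9 dstip=198.51.100.4 status="close"',
    'srcip=10.0.0.9 dstip=198.51.100.4 msg="truncated line',
]

if __name__ == "__main__":
    for src, causes in sorted(summarize(SAMPLE).items()):
        print(src, dict(causes))
```

A source address with many 'host not reachable' or 'wrong DNS query' events across different destinations is a good first candidate for the debug flow capture.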

 

To troubleshoot further, collect the debug flow with the following commands, replacing the filter address and port with those of the affected traffic:

 

diagnose debug reset
diagnose debug flow filter clear
diagnose debug flow filter addr 10.159.61.11
diagnose debug flow filter port 161
diagnose debug console timestamp enable
diagnose debug flow trace start 999
diagnose debug enable

 

To disable the debug processes:

 

diagnose debug disable

 

Related article:

Troubleshooting Tip: Basic FortiGate connectivity diagnostics