Troubleshooting Tip: FortiWeb attack log shows the action as Alert for a specific Signature ID, but the action configured for the same Signature ID is Alert & Deny
Description
This article describes what to check and verify when the FortiWeb Attack Log shows the action as Alert for a specific Signature ID, but the action configured for the same Signature ID is Alert & Deny.
Scope
FortiWeb and FortiWeb VM.
Solution
For this article, Signature ID 050050073 will be used as an example.


Step 1: Go to System -> Config -> FortiGuard -> Signature Update Management (tab).
Step 2: Expand the listed Signature Build.

Step 3: Review and check for the same Signature ID 050050073.

If the Signature ID is listed, review the documentation at the end of this article on 'Enforcing new FortiGuard signatures' for further information and the next action to take.
The 'Alert' action is expected after a signature has been updated or added.
Note: The Signature ID was recently added via the Web Application Security update for FortiWeb:
Web Application Security for FortiWeb

Related document:
