myrdin
New Member
July 28, 2015
Question

Forwarding some ports resulting in Fortigate to classify source as threat

  • July 28, 2015
  • 3 replies
  • 3110 views

Hi,

first post here, hi all! This is the situation:

- Simple port forward from 8022 (WAN) to a host in the LAN (port 22).

- It does not work: whatever source IP tries to open a connection on port 8022 (yes, I added both the VIP and the firewall rule; I have many rules that work fine) gets denied by the default deny rule, as it is classified as a HIGH threat.

- If I do 22 to 22, same public IP, same host, it works.

- Does FortiGate classify ports 80xx as a threat by default? Is there a way to whitelist source IPs so they don't get scanned?

Thanks


    3 replies

    gschmitt
    New Member
    July 28, 2015

    myrdin wrote:

    - Does FortiGate classify ports 80xx as a threat by default? Is there a way to whitelist source IPs so they don't get scanned?

    To whitelist source IPs from UTM you can simply create an address object with the wanted IPs and create a new policy:

    Source Interface: wan1
    Source Address: the address object
    Destination Interface: internal
    Destination Address: your VIP object
    Services: as needed (start with any to test)
    NAT: as needed
    Disable all UTM

    and move the resulting policy ABOVE the existing one.

    BUT I am guessing the problem with your policy is your services: which services did you allow in the policy?
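The policy described above, written out as FortiOS 5.x CLI. This is an added example, not part of gschmitt's reply or the original thread; the object names, interface names and IP addresses (documentation ranges) are assumptions, and the service is left at ALL only for the initial test, as the reply suggests.

```fortios
# Added example (not from the thread): FortiOS 5.x CLI for the whitelist policy.
# Names, interfaces and addresses are assumptions; adapt them to your own setup.

# 1. Address object holding the source IPs to exempt from UTM scanning
config firewall address
    edit "trusted-ssh-sources"
        set subnet 203.0.113.10 255.255.255.255
    next
end

# 2. VIP: external port 8022 on wan1 forwarded to port 22 on the LAN host
config firewall vip
    edit "vip-ssh-8022"
        set extintf "wan1"
        set extip 198.51.100.5
        set portforward enable
        set extport 8022
        set mappedip "192.168.1.20"
        set mappedport 22
    next
end

# 3. Policy: trusted sources -> VIP, no UTM profiles, logged so the test is visible.
#    Service is ALL only for the test; narrow it to the port that the debug flow
#    shows the policy lookup matching once the forward works.
#    NAT is left disabled so the LAN host still sees the real source IP.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "trusted-ssh-sources"
        set dstaddr "vip-ssh-8022"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
        set utm-status disable
        set logtraffic all
    next
end

# 4. Move the new policy above the existing one so it is evaluated first
#    (replace NEW_ID / EXISTING_ID with the IDs shown by "show firewall policy").
config firewall policy
    move NEW_ID before EXISTING_ID
end
```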

    emnoc
    New Member
    July 28, 2015

    I would have to agree, but really your first step is to look at diag debug flow. In fact, set the filter for the 8022 port and make sure it's not being blocked ahead.

    e.g.

    diag debug reset
    diag debug en
    diag debug flow filter port 8022
    diag debug flow show console enable
    diag debug flow trace start 100

    Place traffic on the VIP and port and monitor the output; when done, execute the following:

    diag debug reset
    diag debug disable

    myrdin (Author)
    New Member
    July 28, 2015

    Thanks guys, I will do some more tests and update the thread.