How to check IPs attacking Fortigate

Forum|Forum|9 years ago
August 26, 2016
1 reply
7199 views

hi all, My fortigate (310B) is receiving a very high input traffic on interface facing the internet, but there are a little traffic on inside interface(facing Lan network), i am afraid of someone is attacking or scan port to my fortigate. So which CLI command can I use to list the IPs attacking to my FG devices or any threat FG is receiving? or any advice to check and debug my problem ? Thanks,

FGFanAuthor

New Member

anyone help me, please !

ede_pfau

SuperUser

hmmm...if I would scan for open ports on your public IP, would I'd be successful? If not, don't worry. Connection attempts are not as much a burden as incoming traffic, except for a DoS situation so that legitimate traffic cannot connect anymore.

You've got the logging ('denied traffic') to find out which kind of traffic you're seeing. If you don't serve that port, all the better. If you do, have a look at 'local-in' policies, to deny specific traffic from ip address ranges or geo locations (countries) etc. Local-in policies are handled first so you'd economize on CPU load.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded