LAN to DMZ policy

Forum|Forum|9 years ago
May 24, 2017
1 reply
14046 views

i have a LAN to DMZ policy to allow LAN traffic.

but we noticed that there are some traffic that are drop or deny due to threat

what does threat 262144 means ??

threat.jpg

kinmunAuthor

New Member

any one encounter the same issue b4 ?

application = unknown

category = unscanned

protocol = tcp

Action = Deny:IP connection error

security

level = low

threat level = low

threat score 5

Neophron

New Member

Hi Kinmun,

I'm not sure about the threat part, it could be IPS / IDS or AV that's screwing your connection.

about the IP connection error;

This is probably due to the destination not reacting in time, hence the error. the server does not respond or isn't able to connect in time ( time-out ).

I'v seen it before with HP switches, it turned out that there was a high collision rate on the switch ( in other words, the switch was at max capacity of throughput and therefor started dropping packets ).

you can read more about the IP connection error here : http://kb.fortinet.com/kb/documentLink.do?externalID=FD39321 I would suggest checking the whole path for throughput, and maybe run a sniffer on the fortigate to see what happens with the packet ( syn and ack should come along ).

Good luck!

kinmunAuthor

New Member

the connection is clear after my colleague re-install the zabbix agent on the server.

no more connection error.

issue is at the server.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded