WAF profile in Fortigate

Forum|Forum|2 years ago
March 26, 2024
1 reply
1470 views

hello friends, a question.

The monitor mode WAF profile is enabled in the service publications that have been created in the FG.IPs are observed that belong to my LAN network (I suppose that is the reason why "reserved" is shown in the country of origin). My question is, why is the "information disclosure" event generated? has it happened to you?

because the signature "information disclosure" means exposing private information to individuals who would not normally have access to it. which has me worried since the source ip's are ip's from the internal network

FortiGate

hbac

Staff

Hi @unknown1020,

WAF is used to protect a web server behind the FortiGate. It should be enabled under inbound firewall policy and source IP shouldn't be internal.

Regards,

unknown1020Author

Explorer III

The WAF profiles are assigned only to the service policies (WAN to LAN), for this reason it seems strange to me that logs appear where the internal IP's of my LAN are displayed.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded