WAN Deny Port 137

Forum|Forum|8 years ago
November 17, 2017
1 reply
9303 views

Seeing this log constantly: Message meets Alert condition date=2017-11-16 time=22:42:05 devname=FG101E devid=xxxxxxxxxxx logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=172.16.0.2 srcport=137 srcintf="wan1" dstip=172.16.0.255 dstport=137 dstintf="wan1" sessionid=30469067 proto=17 action=deny policyid=0 policytype=policy dstcountry="Reserved" srccountry="Reserved" trandisp=noop service="udp/137" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel=high Note, this was from 172.16.0.2 to 172.16.0.255, most of the time the logs are generating from 169.254.x.x to 169.254.255.255.

packetpusher

New Member

What is the question?

MattHLCAuthor

New Member

What would generate this traffic from WAN to WAN? WAN1 is working correctly otherwise and LAN1 has a 192.168.x.x subnet only. WAN2 however is trying to obtain an IP as it’s set to DHCP but I am pretty sure there isn’t any other WAN connection and someone just ticked it to the on position. I can see that the WAN to WAN is deny but don’t see anything in the WAN config that would do this behavior. I am new to FortiGates and am getting these alerts all day but only on this one unit.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded