smxko
Visitor III
December 2, 2024
Question

What to do with Threat 131072

  • December 2, 2024
  • 5 replies
  • 9003 views

Hi,

Please refer to the screenshots - why is the FortiGate blocking legit HTTPS and HTTP traffic? The policy and the corresponding SDWAN rule should allow everything. It just doesn't make any sense and the provided article is not helpful at all.

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Threat-131072-is-seen-in-logs-when-traffic/ta-p/192533

[Screenshots: Screenshot 2024-12-02 214509.png, Screenshot 2024-12-02 214659.png, Screenshot 2024-12-02 214907.png]

5 replies

AEK
SuperUser
December 2, 2024

Hello

Please double-click on one log entry then share the shown details.

AEK
DPadula
Staff & Editor
December 2, 2024

Hi smxko,

Added the column 'Threat Score' to confirm if it is populated with value 30.

I suggest you run the commands below to understand why the traffic is being blocked.

diagnose debug reset
diagnose debug disable
diagnose debug console timestamp enable
diagnose debug flow filter clear
diagnose debug flow filter proto 6
diagnose debug flow filter addr x.x.x.x
diagnose debug flow filter port 443
diagnose debug flow show function-name enable
diagnose debug enable
diagnose debug flow trace start 500

### To disable the debug
diagnose debug disable

Post the output here. 

dingjerry_FTNT
Staff
December 2, 2024

Hi @smxko,

Like what the KB article you referred to said, it is actually just traffic being blocked by the firewall policy.

Could you please share the FGT config and one raw log message with this issue?

Meanwhile, the debug flow outputs will help us more as well.

smxko (Author)
Visitor III
December 3, 2024

I found it - it's violation traffic that is logged when a user is connected but did not accept the disclaimer through the voucher portal. Took some time to put one and one together :D But thanks for your quick help!

sjoshi
Staff
December 3, 2024

Hi,

config log threat-weight
    set blocked-connection high >> see what you have set here. Can you change it to a value other than high and see?
end

Thanks, Salon
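
To see which policy and which clients are producing Threat 131072 entries before running a flow debug, exported raw logs can be summarized offline. The script below is an added example, not part of the thread or of Fortinet's tooling; the log lines are constructed, and the field names (`craction`, `crscore`, `crlevel`, `policyid`, `srcip`) are assumptions about the FortiOS key=value traffic-log format.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS-style key=value format (not from the thread).
# Field names are assumptions about the raw traffic-log layout.
SAMPLE_LOGS = """\
date=2024-12-02 time=21:45:09 type="traffic" subtype="forward" srcip=10.0.0.15 dstip=203.0.113.10 dstport=443 proto=6 action="deny" policyid=12 crscore=30 craction=131072 crlevel="high"
date=2024-12-02 time=21:45:11 type="traffic" subtype="forward" srcip=10.0.0.15 dstip=203.0.113.10 dstport=80 proto=6 action="deny" policyid=12 crscore=30 craction=131072 crlevel="high"
date=2024-12-02 time=21:46:02 type="traffic" subtype="forward" srcip=10.0.0.22 dstip=198.51.100.7 dstport=443 proto=6 action="deny" policyid=0 crscore=30 craction=131072 crlevel="high"
date=2024-12-02 time=21:46:30 type="traffic" subtype="forward" srcip=10.0.0.31 dstip=198.51.100.7 dstport=443 proto=6 action="accept" policyid=12
"""

# key=value pairs; quoted values may contain spaces
PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')
BLOCKED_CONNECTION = "131072"  # threat ID from the thread title


def parse_line(line):
    """Turn one raw log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in PAIR.findall(line)}


def blocked_by_policy(text):
    """Count Threat 131072 entries per (policyid, srcip)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("craction") != BLOCKED_CONNECTION:
            continue  # accepted traffic or a different threat action
        counts[(rec.get("policyid", "?"), rec.get("srcip", "?"))] += 1
    return counts


if __name__ == "__main__":
    for (policy, src), n in blocked_by_policy(SAMPLE_LOGS).most_common():
        print(f"policyid={policy} srcip={src} blocked={n}")
```

A source address that shows up only with deny entries on an otherwise permissive policy is a candidate for the debug flow filter, or, as in this thread, a client that has not yet completed the portal disclaimer.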