FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 261256


This article describes how to set the threat weight and how it is calculated.




FortiGate v6.0.0 onwards.




Where to define threat score:

In the threat weight configuration, we can define the level and score for the level as per requirement between (1-100), below are the default level and score value.



    low             : 5

    medium          : 10

    high            : 30

    critical        : 50


The IPS signatures, web categories, Malware, and Applications are all assigned a severity that is associated with a threat weight (or score).

It is possible to view the configuration details by running the below commands:


show full-configuration log threat-weight

get log threat-weight



What are all the aspects taken into consideration for threat scores:

The threat score value that appears in FortiView is the final accumulated score, which is 'score_value_for_category * number_of_incidents'.

For example:

If a URL Category is high and under config level 'high' is set to 30 and the Number of incidents is 200, then score value = 30, incident = 200 hence 30 * 200 = 6000. Threat Score will be calculated for both Blocked/Allowed traffic


It is possible to disable specific threat-weight calculations you can achieve it, below is just an example. It is possible to do it for all the parameters visible in show full-configuration log threat-weight.


config log threat-weight
    set blocked-connection disable


This command enables/disables threat-weight calculation within logs, so it does not affect actual behavior, check the below lins:

log threat-weight 

Threat weight


For info on threat ID 13107:

Technical Tip: Threat 131072 is seen in logs when traffic is denied by a firewall policy


Here is an example of a failed connection threat score 5:


Failed conn.PNG