Hello,
I get this error every time I restart a specific Windows Server:
I have looked in the Event Viewer of the Server but can't find anything related to this failed login.
Is there a way that the FortiGate can tell me what application is being used by the server to try and login?
It's a relatively new server, as well as the FortiGate, and I'm pretty certain I haven't set up anything on this server to try and connect to my gateway.
Stumped.
The short answer is "no". In general it is not possible for the receiving end to learn which process generated the traffic on the other side. That fact is not advertised over the network.
Here's a suggestion:
1, Start and keep running a packet capture on the FortiGate (filter for hosts 192.168.0.16 + 192.168.0.1, and for your SSH port) -> This will tell you which source-port was used.
1.a, Alternatively, if you are logging local-in traffic, find these sessions in the Local Traffic log.
2, With this info, you might be able to trace which process generated this traffic on the Windows server end, assuming there's a way to log which processes used which source ports. (I don't know)
Another alternative: Perhaps you have some firewall application installed on the Windows server? If yes, check if you can set it up to block this traffic and log it. Then maybe this log will tell you which process tried to initiate that connection.
One addition: Since this is SSH, the initial communication is a "Protocol version exchange", which tends to include the version of the client/server. You can try looking at that in the packet capture, maybe that will give a hint as to which process is the client on the Windows server.
https://datatracker.ietf.org/doc/html/rfc4253#section-4.2
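The protocol version exchange mentioned above can be read straight out of the first client-to-server TCP payload in the capture. The following is an added example, not part of the original posts: a small parser for the RFC 4253 section 4.2 identification string. The function name `parse_ssh_ident` and the sample payloads are constructed for illustration.

```python
import re

# RFC 4253 section 4.2: "SSH-protoversion-softwareversion SP comments CR LF"
# The software field is matched loosely (\S+) because some clients put a '-' in it.
IDENT_RE = re.compile(rb"^SSH-([^\s-]+)-(\S+)(?: (.*))?$")
MAX_IDENT_LEN = 255  # the RFC limit includes the trailing CR LF


def parse_ssh_ident(payload: bytes):
    """Parse the SSH identification string from the start of a TCP stream.

    Returns a dict with protoversion, softwareversion and comments,
    or None if no complete, well-formed identification line is present.
    """
    # Only newline-terminated lines count; the last chunk after split() is
    # either empty or an unterminated fragment (truncated capture, binary data).
    complete_lines = payload.split(b"\n")[:-1]
    for raw in complete_lines:
        line = raw.rstrip(b"\r")
        # Other lines may precede the identification string, so keep scanning.
        if not line.startswith(b"SSH-"):
            continue
        if len(line) + 2 > MAX_IDENT_LEN:
            return None
        match = IDENT_RE.match(line)
        if match is None:
            return None
        proto, software, comments = match.groups()
        return {
            "protoversion": proto.decode("ascii", "replace"),
            "softwareversion": software.decode("ascii", "replace"),
            "comments": comments.decode("ascii", "replace") if comments else None,
        }
    return None


if __name__ == "__main__":
    # Constructed sample payloads: identification line followed by binary data.
    samples = [
        b"SSH-2.0-OpenSSH_for_Windows_8.1\r\n\x00\x00\x04\x0a\x14",
        b"SSH-2.0-PuTTY_Release_0.78\r\n\x00\x00\x02\x9c",
        b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    ]
    for sample in samples:
        print(parse_ssh_ident(sample))
```

The `softwareversion` field is chosen by the client and can be set to anything, so treat it as a hint about which SSH library or tool is in use, not as proof.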
Thank you for replying! I have set up a Packet Capture, just need to start it. Which I'll do before I restart the server. Need to wait until the weekend though :(