Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gsieg
New Contributor

Blocked because of an intrusion attack error message in browser.

User application stopped working, when I went to the website they were trying to access I received a Fortinet error that said "Blocked because of an intrusion attack: Your computer has been blocked because an intrusion attack originating from your system was detected.  For more information, contact the system administrator"  I went through the 100F firewall logs and could not find any suspicious activity on this machine or any logs that correlated to this event.  I looked at the Security logs and Forwarded events.  I was going through the logs for a while and found nothing, I let the user know I would follow up in a bit.  I took a few minutes to start researching and a couple hours later started looking at it more again, the website and application are working now with no interation.  He said this happened to him last week too and then cleared up.  How can I track this to fix this from happening, I've reviewed the machine I do not see anything malicious.

1 REPLY 1
AEK
Honored Contributor II

  • How long has your host been blocked?
  • What is FGT model and version?
  • Did you check in Compromised hosts / Banned IPs on your FGT?
  • Do you have FortiAnalyzer?
AEK
AEK
Labels
Top Kudoed Authors