Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Summer Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCare Services
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiData
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: DNS blocking
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DNS blocking
Hi team
I have a scenario where some end user machines are being blocked from accessing DNS yet the services in the policy are set to all services. This is affecting some machines while others are working fine
#FGT
Labels:
- Labels:
-
FortiGate
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Can you share some logs that show the traffic as being blocked and also a glance at the fw rule ?
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Godfreyagr ,
We need the relevant DNS logs for checking.
Possible case is that the DNS traffic was allowed by the DNS server returned some errors.
Regards,
Jerry
Jerry
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
date="2025-02-10" time="16:07:56" id=7469776541052829743 bid=1075099 dvid=1061 itime=1739192880 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633972 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50876 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192876130469070 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776536757862434 bid=1075095 dvid=1061 itime=1739192879 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633954 srcip="10.200.133.189" dstip="10.100.135.11" srcport=53635 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192875352693390 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776536757862432 bid=1075095 dvid=1061 itime=1739192879 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633950 srcip="10.200.133.189" dstip="10.100.135.11" srcport=54967 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192875225550050 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776536757862429 bid=1075095 dvid=1061 itime=1739192879 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633948 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50878 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192875158703670 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776536757862428 bid=1075095 dvid=1061 itime=1739192879 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633947 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50877 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192875146124270 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776532462895153 bid=1075095 dvid=1061 itime=1739192878 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633925 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50877 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192874155426390 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776532462895152 bid=1075095 dvid=1061 itime=1739192878 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633924 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50878 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192874155415390 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776532462895144 bid=1075095 dvid=1061 itime=1739192878 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633922 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50876 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192874129660870 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:54" id=7469776532462895143 bid=1075095 dvid=1061 itime=1739192878 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633923 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50875 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192874129660830 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:53" id=7469776528167927843 bid=1075095 dvid=1061 itime=1739192877 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633903 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50875 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192873132408910 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:53" id=7469776528167927842 bid=1075095 dvid=1061 itime=1739192877 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633903 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50876 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192873132408790 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:52" id=7469776523872960518 bid=1075095 dvid=1061 itime=1739192876 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633869 srcip="10.200.133.189" dstip="10.100.135.11" srcport=53635 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192871332089670 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:51" id=7469776519577993283 bid=1075095 dvid=1061 itime=1739192875 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633861 srcip="10.200.133.189" dstip="10.100.135.11" srcport=54967 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192871149433370 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:49" id=7469776515283025930 bid=1075095 dvid=1061 itime=1739192874 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633820 srcip="10.200.133.189" dstip="10.100.135.11" srcport=53635 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192869310607690 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:49" id=7469776510988058674 bid=1075095 dvid=1061 itime=1739192873 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633812 srcip="10.200.133.189" dstip="10.100.135.11" srcport=54967 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192869142789110 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:49" id=7469776510988058660 bid=1075095 dvid=1061 itime=1739192873 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633800 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50213 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192868844961590 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:49" id=7469776510988058638 bid=1075095 dvid=1061 itime=1739192873 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633791 srcip="10.200.133.189" dstip="10.100.135.11" srcport=53635 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192868310745230 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:48" id=7469776506693091368 bid=1075095 dvid=1061 itime=1739192872 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633787 srcip="10.200.133.189" dstip="10.100.135.11" srcport=54967 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192868133557350 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:48" id=7469776506693091343 bid=1075095 dvid=1061 itime=1739192872 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633769 srcip="10.200.133.189" dstip="10.100.135.11" srcport=53635 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192867295033110 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:47" id=7469776502398124063 bid=1075095 dvid=1061 itime=1739192871 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633763 srcip="10.200.133.189" dstip="10.100.135.11" srcport=54967 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192867135902170 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:47" id=7469776502398124061 bid=1075095 dvid=1061 itime=1739192871 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633757 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50869 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192867074045130 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:47" id=7469776502398124060 bid=1075095 dvid=1061 itime=1739192871 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633758 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50870 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192867074045010 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776498103156772 bid=1075095 dvid=1061 itime=1739192870 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633737 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50868 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192866143815510 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776498103156771 bid=1075095 dvid=1061 itime=1739192870 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633736 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50867 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192866131876250 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776498103156770 bid=1075095 dvid=1061 itime=1739192870 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633734 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50874 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192866102951690 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776498103156769 bid=1075095 dvid=1061 itime=1739192870 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633735 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50873 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192866102951590 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189491 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633720 srcip="10.200.133.189" dstip="10.100.135.11" srcport=63581 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865175608550 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189489 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633718 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50872 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865149863510 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189488 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633717 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50871 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865149862110 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189485 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633715 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50874 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865082681730 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189484 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633714 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50873 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865081569770 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189482 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633713 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50869 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865069320870 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189481 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633712 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50870 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192865069320810 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:45" id=7469776493808189475 bid=1075095 dvid=1061 itime=1739192869 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633703 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50213 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864836721890 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:44" id=7469776489513222182 bid=1075095 dvid=1061 itime=1739192868 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633694 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50872 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864145496130 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:44" id=7469776489513222181 bid=1075095 dvid=1061 itime=1739192868 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633693 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50871 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864144754970 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:44" id=7469776489513222180 bid=1075095 dvid=1061 itime=1739192868 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633692 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50868 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864143943550 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:44" id=7469776489513222179 bid=1075095 dvid=1061 itime=1739192868 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633690 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50867 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864132883530 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:44" id=7469776489513222178 bid=1075095 dvid=1061 itime=1739192868 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633688 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50870 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864065882750 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:44" id=7469776489513222177 bid=1075090 dvid=1061 itime=1739192868 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633687 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50869 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192864065882230 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:43" id=7469776485218254894 bid=1075090 dvid=1061 itime=1739192867 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633664 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50868 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192863140885370 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:43" id=7469776485218254893 bid=1075090 dvid=1061 itime=1739192867 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633663 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50867 dstport=53 trandisp="noop" duration=0 proto=6 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192863140849970 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:43" id=7469776485218254884 bid=1075090 dvid=1061 itime=1739192867 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633657 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50213 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192862833620550 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:42" id=7469776480923287578 bid=1075090 dvid=1061 itime=1739192866 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633638 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50213 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192861809935170 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:41" id=7469776476628320291 bid=1075090 dvid=1061 itime=1739192865 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633629 srcip="10.200.133.189" dstip="10.100.135.11" srcport=63581 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192861162606910 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:41" id=7469776476628320285 bid=1075090 dvid=1061 itime=1739192865 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633619 srcip="10.200.133.189" dstip="10.100.135.11" srcport=50213 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192860803427330 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:39" id=7469776468038385701 bid=1075090 dvid=1061 itime=1739192863 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633601 srcip="10.200.133.189" dstip="10.100.135.11" srcport=63581 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192859146653750 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:37" id=7469776463743418393 bid=1075090 dvid=1061 itime=1739192862 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633595 srcip="10.200.133.189" dstip="10.100.135.11" srcport=63581 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192858135126390 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:37" id=7469776463743418384 bid=1075090 dvid=1061 itime=1739192862 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633590 srcip="10.200.133.189" dstip="10.100.135.11" srcport=60826 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192857647087710 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
date="2025-02-10" time="16:07:37" id=7469776459448451098 bid=1075090 dvid=1061 itime=1739192861 euid=1087 epid=1761 dsteuid=3 dstepid=1589 logflag=3 logver=702101706 sfsid=0 type="traffic" subtype="forward" level="notice" action="deny" policyid=5 sessionid=12633578 srcip="10.200.133.189" dstip="10.100.135.11" srcport=63581 dstport=53 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" unauthuser="fvarghese" srcname="HMH-ENG-01 " service="DNS" app="DNS" appcat="unscanned" srcintfrole="lan" dstintfrole="undefined" srcserver=0 policytype="policy" eventtime=1739192857118832730 crscore=30 craction=131072 crlevel="high" poluuid="8082c6ac-e300-51ef-210f-52dd906e63aa" srcmac="40:1a:58:cb:e7:39" mastersrcmac="40:1a:58:cb:e7:39" srchwvendor="Wistron Neweb" srcfamily="Computer" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Reserved" srcintf="internal" dstintf="S2S-Bugolobi" unauthusersource="kerberos" vpntype="ipsecvpn" policyname="vpn_S2S-Bugolobi_local_0" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0300" devid="FGT70FTK22063300" vd="root" devname="HMH-Semuto-FW" csf="HMH-KUKU"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
how does policy with the ID 5 look like ?
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@funkylicious wrote:how does policy with the ID 5 look like ?
Here is the screenshot
Created on ‎02-11-2025 05:49 AM Edited on ‎02-11-2025 05:50 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
At first glance it would appear that the traffic in question would be subject to the one describe in this KB, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Threat-131072-is-seen-in-logs-when-t...
under security profiles, do you have any profiles enabled or this rule which cannot be seen here ?
as a test/workaround, try creating above this rule another one more specific with source/dst ip and services and then test again.
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@funkylicious wrote:At first glance it would appear that the traffic in question would be subject to the one describe in this KB, https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Threat-131072-is-seen-in-logs-when-t...
under security profiles, do you have any profiles enabled or this rule which cannot be seen here ?
as a test/workaround, try creating above this rule another one more specific with source/dst ip and services and then test again.
I already did this but kept getting the same issue
Created on ‎02-11-2025 06:13 AM Edited on ‎02-11-2025 06:14 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kinda strange, im not gonna lie.
if you have a rule above 5 and it still hits this and not the upper one, i would also try and do a clear session of all the traffic destined to that ip, 10.100.135.11 and port 53 and then give it another try and see if it hits the other.
also have a debug enabled for this purpose to better understand how the flow is being handled.
https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/54688/debugging-the-packet-flow
"jack of all trades, master of none"
"jack of all trades, master of none"
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi it actually hits the new policy above rule 5 but still brings the same error with that threat ID 131072
Labels
-
FortiGate
10,592 -
FortiClient
2,158 -
FortiManager
889 -
5.2
687 -
FortiAnalyzer
681 -
5.4
638 -
FortiSwitch
584 -
FortiClient EMS
563 -
FortiAP
559 -
IPsec
420 -
6.0
416 -
SSL-VPN
376 -
FortiMail
372 -
5.6
362 -
FortiNAC
283 -
FortiWeb
252 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SD-WAN
192 -
FortiAuthenticator
173 -
FortiGuard
160 -
5.0
152 -
Firewall policy
144 -
FortiGate-VM
131 -
6.4
128 -
FortiCloud Products
116 -
FortiSIEM
113 -
FortiToken
112 -
FortiGateCloud
112 -
Wireless Controller
95 -
Customer Service
88 -
High Availability
86 -
FortiProxy
77 -
ZTNA
76 -
Routing
75 -
Fortivoice
73 -
SAML
71 -
DNS
71 -
VLAN
71 -
FortiEDR
69 -
FortiADC
68 -
BGP
67 -
Authentication
66 -
certificate
65 -
RADIUS
61 -
LDAP
60 -
fortilink
55 -
SSO
54 -
FortiSandbox
53 -
NAT
52 -
FortiExtender
51 -
4.0MR3
49 -
VDOM
47 -
Application control
45 -
FortiDNS
43 -
Interface
43 -
Logging
41 -
Virtual IP
40 -
FortiGate v5.4
38 -
FortiSwitch v6.4
38 -
FortiPAM
35 -
SSL SSH inspection
35 -
Web profile
35 -
FortiConnect
34 -
Automation
33 -
FortiWAN
31 -
FortiConverter
30 -
FortiGate v5.2
27 -
Traffic shaping
26 -
Static route
26 -
SNMP
25 -
API
25 -
SSID
25 -
FortiSwitch v6.2
23 -
FortiPortal
23 -
FortiGate Cloud
23 -
System settings
22 -
OSPF
20 -
WAN optimization
20 -
FortiMonitor
19 -
Security profile
19 -
Web rating
19 -
Web application firewall profile
18 -
IP address management - IPAM
18 -
FortiSoar
17 -
FortiGate v5.0
16 -
FortiDDoS
16 -
FortiAP profile
16 -
Explicit proxy
15 -
Admin
15 -
Proxy policy
15 -
FortiCASB
14 -
IPS signature
14 -
NAC policy
14 -
Intrusion prevention
14 -
FortiManager v4.0
13 -
DNS filter
13 -
FortiManager v5.0
12 -
FortiDeceptor
12 -
users
12 -
Traffic shaping policy
12 -
Fabric connector
12 -
Port policy
12 -
FortiRecorder
11 -
FortiAnalyzer v5.0
10 -
FortiWeb v5.0
10 -
FortiBridge
10 -
Trunk
10 -
Traffic shaping profile
10 -
Authentication rule and scheme
10 -
Fortinet Engage Partner Program
10 -
FortiGate v4.0 MR3
9 -
RMA Information and Announcements
9 -
Antivirus profile
9 -
FortiCache
8 -
FortiToken Cloud
8 -
4.0
7 -
4.0MR2
7 -
Packet capture
7 -
Application signature
7 -
VoIP profile
7 -
Vulnerability Management
7 -
FortiScan
6 -
FortiCarrier
5 -
FortiNDR
5 -
FortiTester
5 -
DLP profile
5 -
DLP sensor
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP Dictionary
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
FortiDB
3 -
FortiHypervisor
3 -
Kerberos
3 -
File filter
3 -
Multicast policy
3 -
FortiEdge Cloud
3 -
FortiInsight
2 -
FortiAI
2 -
Video Filter
2 -
Schedule
2 -
ICAP profile
2 -
Zone
2 -
Lacework
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
FortiSASE
1 -
Virtual wire pair
1 -
FortiEdge
1 -
FortiAIOps
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2588 | |
| 1380 | |
| 796 | |
| 658 | |
| 455 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.