Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TheGraffy
New Contributor

Failed Connection Attempt - Firewall Control

Can anyone explain why I am seeing this "Top Threat" from IP's in my own network?

(What could be causing this?)

 

Thanks,

 

-Tom

1 REPLY 1
Heath_Barnhart
New Contributor

I haven't found the official definition, but from what I've concluded is this means any traffic that was allowed through the firewall, but did not form a complete connection. It might also be tied to the session table timer. For example, if a device on the network tries to open a tcp session with another device through the firewall, but the receiving device isn't listening on the given port. Could be indicative of a misconfigured host, application, or a scan. You'd have to investigate to be sure.

 

I just set the threat weight to 0 as it was mostly junk. Again I'm not entirely sure but it looks like anything that times out of the session table gets this label, including UDP. I found it to be too noisy to be of any good and effectively disabled it in FortiView. You'll still see IP Connection error in the logs though, so its not like you are completely disabling the logging of this traffic.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors