Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
gsarica
Contributor

Created on ‎08-09-2016 12:57 PM

Failed Connection Attempts - OpenDNS

Can anyone assist with this issue or have seen it before?

 

Basically we keep getting hundreds of blocked 'threats' in our logs from an unknown source to the OpenDNS server IP's:

 

We do use OpenDNS for filtering purposes as well and keep the DNS Filter off (for now anyway) on the FortiGate. Also, these entries only seem to be generated by devices connected to our wireless AP's and not by any PC's that route straight through the FortiGate.

 

Preview file
105 KB
8017
0 Kudos
1 REPLY 1
gsarica
Contributor

Created on ‎08-11-2016 06:45 AM

I think I might have answered my own question though I'm not 100% sure. I believe since we're using DNS filtering with OpenDNS and the AP's are acting as routers, they're sending traffic to OpenDNS and when it's denied there, the FortiGate is reading that as a failed connection attempt. The FortiGate has no way of telling that it was a failed connection because it was blocked by OpenDNS.

2321
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.