Forticloud high threat level

ItConsulting · ‎10-26-2022

Hello,

Today i open the forticloud and when i see top threat i find that there's a lot of high threat level traffic blocked by the firewall

When I look at the log traffic, I notice that it' s internal traffic from PC1 -> PC2, all this traffic happens in 1 hour, this is the first time I see this behavior on our FW.

Note that our PCs do not communicate with each other.

192.168.241.12 connected by Wifi and in isolated SSID also 192.168.254.34 in different SSID and it uses port 7680 and 631.

Thnx.

@Toshi_Esumi

@Yurisk

ItConsulting

alif · ‎10-26-2022

TCP port 7680 is related to Windows Update Delivery Optimization. Please check the below link to turn it off on Windows client.

https://support.microsoft.com/en-us/windows/windows-update-delivery-optimization-and-privacy-bf86a24...

TCP port 631 is used by Internet Printing Protocol (IPP)/CUPS. The log entry shows that client 192.168.241.12 is trying to discover printers on the network. You can stop the CUPS service on that client so that it doesn't scan for printers.

Regards,
SFA

ItConsulting · ‎10-27-2022

Thnx for your reply but how i can i stop the IPP/CUPS because this's the first time i see this type of traffic

ItConsulting

Forticloud high threat level

Nominate a Forum Post for Knowledge Article Creation