Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ItConsulting
New Contributor

Forticloud high threat level

Hello,

Today i open the forticloud and when i see top threat i find that there's a lot of high threat level traffic blocked by the firewall 

high score level.PNG

 

When I look at the log traffic, I notice that it' s internal traffic from PC1 -> PC2, all this traffic happens in 1 hour, this is the first time I see this behavior on our FW.

Note that our PCs do not communicate with each other.

7680.PNG

631.PNG

192.168.241.12 connected by Wifi and in isolated SSID also 192.168.254.34 in different SSID and it uses port 7680 and 631.

Thnx.

@Toshi_Esumi

@Yurisk 

ItConsulting
ItConsulting
2 REPLIES 2
alif
Staff
Staff

TCP port 7680 is related to Windows Update Delivery Optimization. Please check the below link to turn it off on Windows client.

https://support.microsoft.com/en-us/windows/windows-update-delivery-optimization-and-privacy-bf86a24...

TCP port 631 is used by Internet Printing Protocol (IPP)/CUPS. The log entry shows that client 192.168.241.12 is trying to discover printers on the network. You can stop the CUPS service on that client so that it doesn't scan for printers.

Regards,
SFA
ItConsulting

Thnx for your reply but how i can i stop the IPP/CUPS because this's the first time i see this type of traffic 

ItConsulting
ItConsulting
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors