Hi,
We have a report from every single one of our Synology network attached storage (NAS) that there was an attempt to access it via SSH and the IP is coming from Fortigate itself and I wanna know exactly why?
From the logs, it says a user "admin" from the IP of Fortigate (192.168.0.1) device is accessing our Synology NAS via SSH.
We're using the Fortigate 100E running on FortiOS v6.0.5 build0268 (GA)
additional note:
Currently, some users are currently using Forticlient VPN when connected to Synology, their IP address will be marked as only one address which is 192.168.0.1 to the Synology log list, but their access is only SMB protocol, not SSH. Is there any possible that there is an infected device? although this VPN setup is already a year and a half (when the pandemic started) and that attempt was just a recent (last Saturday).
Thank you and regards.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Greetings!
Currently, some users are currently using Forticlient VPN when connected to Synology, their IP address will be marked as only one address which is 192.168.0.1 to the Synology log list, but their access is only SMB protocol, not SSH.
>>> I would suggest you to disable NAT in all inbound policy, NAT will translate the actual source address to FortiGate interface IP address 192.168.0.1 and due to NAT we wouldn't able to identify the actual client who is trying to send "SSH" request to NAS.
As far as FortiGate is concern, It wouldn't generate SSH to NAS.
Are you using sslvpn? or it is turn off?
I would also recommend to upgrade fortios to latest version, like fortios 7.2.8
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1732 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.