In FortiGate logs, I have found some external outbound traffic that happened from the internal network with device action "Start". As per the FortiGate documentation, I understood that FortiGate allowed the corresponding traffic and the TCP session started. I have checked the bytes in and bytes out field values, which were 0, meaning that data was not transferred. So, the session started but data was not transferred in this communication. I would like to know whether FortiGate played any role in this data transfer. Is that why data was not transferred?
Hi,
This log is triggered because the policy has been enabled to record an entry when a session starts. So at the beginning of initiating a session with a SYN, there wouldn't be any data transferred. It does not indicate anything about data transfer.
Best regards,
Jin
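
Added example, not part of the original thread: because the start entry is written before any payload moves, one way to see what a session actually transferred is to pair it with the later log entry for the same session. The sketch assumes raw key=value traffic logs with the `sessionid`, `action`, `sentbyte` and `rcvdbyte` fields; the sample lines and function names are constructed for illustration.

```python
import re

# Constructed sample lines in FortiGate key=value traffic-log style (not from the thread).
SAMPLE_LOGS = """\
date=2024-01-10 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 sessionid=1001 action="start" sentbyte=0 rcvdbyte=0
date=2024-01-10 time=10:00:09 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 sessionid=1001 action="close" sentbyte=1840 rcvdbyte=5321
date=2024-01-10 time=10:01:00 type="traffic" subtype="forward" srcip=10.0.0.7 dstip=198.51.100.20 dstport=8443 sessionid=1002 action="start" sentbyte=0 rcvdbyte=0
date=2024-01-10 time=10:01:30 type="traffic" subtype="forward" srcip=10.0.0.7 dstip=198.51.100.20 dstport=8443 sessionid=1002 action="timeout" sentbyte=120 rcvdbyte=0
date=2024-01-10 time=10:02:00 type="traffic" subtype="forward" srcip=10.0.0.9 dstip=192.0.2.30 dstport=80 sessionid=1003 action="start" sentbyte=0 rcvdbyte=0
"""

KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def summarize_sessions(text):
    """Map sessionid -> (end_action, sentbyte, rcvdbyte); end_action is None
    while only the start entry has been seen, so bytes are not yet known."""
    sessions = {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or "sessionid" not in rec:
            continue
        sid = rec["sessionid"]
        if rec.get("action") == "start":
            # Start entries are logged before any payload: ignore their zero counters.
            sessions.setdefault(sid, (None, 0, 0))
        else:
            # Any later entry for the session carries the cumulative counters.
            sessions[sid] = (rec.get("action"), int(rec.get("sentbyte", 0)),
                             int(rec.get("rcvdbyte", 0)))
    return sessions


def start_only(sessions):
    """Sessions with a start entry but no later entry in this log window."""
    return sorted(sid for sid, (end, _, _) in sessions.items() if end is None)


if __name__ == "__main__":
    result = summarize_sessions(SAMPLE_LOGS)
    for sid, (end, sent, rcvd) in sorted(result.items()):
        state = end or "start only (no end-of-session entry yet)"
        print(f"session {sid}: {state}, sent={sent} rcvd={rcvd}")
    print("start entry only:", start_only(result))
```

A session listed by `start_only` has no byte information yet in the examined window; the zero counters on its start entry say nothing about whether data later flowed.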