Hi to all,
I have a strange behavior here...
Equipment:
[ul]I tried to connect the Fortigate to the FortiSandbox -> authorized -> works fine.
I tried to connect the Fortimail (Default Gateway is the Fortinet DMZ leg) -> FortiSandbox Server not available.
Hmm... -> FortiView
Oh, we have Threats here from FortiMail to FortiSandbox and the Explicit Firewall Rule deny the Traffic.
Drill down -> Source (Mac of FortiMail Interface) -> Destination (Mac of Sandbox Interface) -> Application "RSH"
Ok, create a temp rule for allow any Traffic -> same behavior -> No Connection -> listed in the Threat list with same Details.
Deeper Dive and now I was able to see, the "Source Interface" is port19 (DMZ Interface at the Fortigate) and the "Destination Interface" is mgmt1 ?!
Does anybody have an idea, why the connection hits the mgmt1 interface???
As I wrote, the only route entry at the Fortimail is "ALL to Fortigate DMZ Interface".
At the fortigate the Route to the internal is set to the Core Switch. Everything is working as expected (SMTP etc.) only the SYSLOG Traffic should be a problem here?
Thanks for any suggestion!
FCNSA 5, FCNSP 5, NSE 4
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.