Hello,
Yesterday i facing issue where from client not able access to Azure MSSQL, then i found some information from Azure team that deploying MSSQL on azure have 2 kind of connections policy such is :
The issue yesterday is on our Fortinet application control the MSSQL is already allowed but the client still not able to connect because the MSSQL using redirect mode which is need open port range from 11000-11999.
On the log i also can see there is MSSQL is blocked and also I can see the port used is 11050.
Here i want to know how application can knowing this port 11050 is belong to MSSQL?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @HS08 ,
Application control is not interested in the application port. It just interested application communication pattern. When I reviewed your logs, this traffic was not blocked by application control. Because control action is just detected not blocked or dropped.
Can you share the full log with us? This way we can more easily understand why it was blocked.
i posting the log here twice and my post is disappears. Now the log i paste the log as pic here
Hello @HS08 ,
That is interesting. Do you have any other security profile on IT policy?
Here my rule
Hello @HS08 ,
Can you remove all security profiles except app control? After removing it, can you try to access the SQL service?
Still can't access even only have app control in the rule.
Hello,
In Forward Logs you should be able to see the "Security" part of the log. There it should be stated what exactly is blocking the website.
Hope this helps.
Enea
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1570 | |
1034 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.