Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FGFan
New Contributor

How to check IPs attacking Fortigate

hi all, My fortigate (310B) is receiving a very high input traffic on interface facing the internet, but there are a little traffic on inside interface(facing Lan network), i am afraid of someone is attacking or scan port to my fortigate. So which CLI command can I use to list the IPs attacking to my FG devices or any threat FG is receiving? or any advice to check and debug my problem ? Thanks,

2 REPLIES 2
FGFan
New Contributor

anyone help me, please !

ede_pfau
Esteemed Contributor III

hmmm...if I would scan for open ports on your public IP, would I'd be successful? If not, don't worry. Connection attempts are not as much a burden as incoming traffic, except for a DoS situation so that legitimate traffic cannot connect anymore.

You've got the logging ('denied traffic') to find out which kind of traffic you're seeing. If you don't serve that port, all the better. If you do, have a look at 'local-in' policies, to deny specific traffic from ip address ranges or geo locations (countries) etc. Local-in policies are handled first so you'd economize on CPU load.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors