Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Intrusion Prevention Alert

I received the following alert on my Fortigate. How do I tell that this was dropped? Or if there is still something else I need to do on my Fortigate?


The following intrusion was observed: Apache.Tomcat.Arbitrary.JSP.file.Upload.

date=2019-05-03 time=06:02:20 devname=FGT01 devid=FG101E4Q17000329 logid=0419016384 type=utm subtype=ips eventtype=signature level=alert vd=root severity=high srcip= srccountry="China" srcintf="wan1" dstintf="lan" policyid=7 sessionid=57982235 action=dropped proto=6 service="HTTPS" attack="Apache.Tomcat.Arbitrary.JSP.file.Upload" srcport=31951 dstport=443 hostname="" direction=outgoing attackid=44543 profile="protect_http_server" ref="" incidentserialno=1972817245 msg="web_server: Apache.Tomcat.Arbitrary.JSP.file.Upload," crscore=30 crlevel=high  

Esteemed Contributor III

IPS cuts off the session if a pattern matches, that's why it's called "dropped". This one was detected and the connection was dropped after some time/bytes. It wouldn't hurt if you checked your server though.


"Kernel panic: Aiee, killing interrupt handler!"