Hi, I have a Fortigate 60E firmware 7.4.1
I have a public subnet that very often tries to connect via IPSEC VPN to the firewall. I therefore created a local-in-policy to deny the connection to this subnet, but I continue to see the logs and I also receive emails from an automation that notifies me of unsuccessful VPN connections.
Shouldn't the local-in-policy block the source connection so it doesn't even create the log?
The firewall navigates with a public IP directly on its WAN.
edit "Attempt_ipsec_167.0.0.0"
set uuid 006d9cf8-500d-51ee-cdb6-363058ded725
set subnet 167.0.0.0 255.0.0.0
config firewall local-in-policy
edit 1
set uuid d69d2fdc-500d-51ee-9cb8-ff27447660f2
set intf "WAN-Fibra"
set srcaddr "Attempt_ipsec_167.0.0.0"
set dstaddr "all"
set service "IKE" "ALL_ICMP" "VPN_SSL_9443"
set schedule "always"
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
What is your FGT model? I'm curious.
Toshi
Oh, you said 60E. Of course it's not supported. Has to be at least NP6.
Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)
Created on 09-23-2023 05:05 AM Edited on 09-23-2023 05:06 AM
Unfortunately the ACLs that Fortigate supports didn't help me. Let's see if Fortinet will read my post and be able to explain how to do it. Thanks for now!
Message meets Alert condition
date=2023-09-23 time=02:11:34 devname=FGT60EXXXX devid=FGT60EXXXXXX eventtime=1695427894523057105 tz="+0200" logid="0101037131" type="event" subtype="vpn" level="error" vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action="error" remip=167.248.133.175 locip=XX.XX.XX.XX remport=4500 locport=500 outintf="ppp2" cookies="N/A" user="N/A" group="N/A" useralt="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="esp_error" error_num="Received ESP packet with unknown SPI." spi="4d658221" seq="07fcfd52" fctuid="N/A" advpnsc=0
The access-list you configured under "config router access-list" can be used only for routing protocols like BGP to filter advertising/advertised routes.
It's not ACL to block traffic.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.