Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FortiMax_it
Contributor

Created on ‎09-22-2023 12:10 PM

Local-in-policy and log

Hi, I have a Fortigate 60E firmware 7.4.1
I have a public subnet that very often tries to connect via IPSEC VPN to the firewall. I therefore created a local-in-policy to deny the connection to this subnet, but I continue to see the logs and I also receive emails from an automation that notifies me of unsuccessful VPN connections.
Shouldn't the local-in-policy block the source connection so it doesn't even create the log?
The firewall navigates with a public IP directly on its WAN.

 

 

 edit "Attempt_ipsec_167.0.0.0"
        set uuid 006d9cf8-500d-51ee-cdb6-363058ded725
        set subnet 167.0.0.0 255.0.0.0
config firewall local-in-policy
    edit 1
        set uuid d69d2fdc-500d-51ee-9cb8-ff27447660f2
        set intf "WAN-Fibra"
        set srcaddr "Attempt_ipsec_167.0.0.0"
        set dstaddr "all"
        set service "IKE" "ALL_ICMP" "VPN_SSL_9443"
        set schedule "always"

 

 

 
IKE.jpg

 

log__.jpg

Labels:
2178
0 Kudos
14 REPLIES 14
Toshi_Esumi
SuperUser
SuperUser
In response to FortiMax_it

Created on ‎09-22-2023 01:32 PM

What is your FGT model? I'm curious.

 

Toshi

744
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to Toshi_Esumi

Created on ‎09-22-2023 01:33 PM

Oh, you said 60E. Of course it's not supported. Has to be at least NP6.

742
FortiMax_it
Contributor
In response to Toshi_Esumi

Created on ‎09-22-2023 01:34 PM

Version: FortiGate-60E v7.4.1,build2463,230830 (GA.F)

741
0 Kudos
FortiMax_it
Contributor
In response to anignan

Created on ‎09-23-2023 05:05 AM Edited on ‎09-23-2023 05:06 AM

Unfortunately the ACLs that Fortigate supports didn't help me. Let's see if Fortinet will read my post and be able to explain how to do it. Thanks for now!

 

Message meets Alert condition

date=2023-09-23 time=02:11:34 devname=FGT60EXXXX devid=FGT60EXXXXXX eventtime=1695427894523057105 tz="+0200" logid="0101037131" type="event" subtype="vpn" level="error" vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action="error" remip=167.248.133.175 locip=XX.XX.XX.XX remport=4500 locport=500 outintf="ppp2" cookies="N/A" user="N/A" group="N/A" useralt="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="esp_error" error_num="Received ESP packet with unknown SPI." spi="4d658221" seq="07fcfd52" fctuid="N/A" advpnsc=0

 

700
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to FortiMax_it

Created on ‎09-23-2023 06:35 PM

The access-list you configured under "config router access-list" can be used only for routing protocols like BGP to filter advertising/advertised routes.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Create-an-Access-list-on-a-Route-Map-that-...

It's not ACL to block traffic.

 

Toshi

684
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.