Hi All,
I have read the following information about the threat 131072: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Threat-131072-is-seen-in-logs-when-traffic...
But I am still not sure why we can see these sessions being blocked in our firewall. I have an Allow policy which is blocking some traffic due to threat 131072. Any idea about how to try to troubleshoot this traffic? Thanks.
EDIT: After checking deeper, the blocked packets are related to the Packet Based Inspection. I suppose that Packet Based Inspection includes 3-way-handshake, check sequence numbers, etc.
Hello amorales,
Thank you for using the Community Forum.
I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Regards,
Hi @amorales,
The link explains the traffic logged as denied with the reference threat ID but does not mention why the traffic is getting denied.
Please share the information about the firewall policy configured.
Please also capture the output of the below debugs while generating traffic.
```
diagnose debug reset
diagnose debug flow filter addr <source_IP> <destination_IP> and
diagnose debug console timestamp enable
diagnose debug flow show iprope enable
diagnose debug flow show function-name enable
diagnose debug flow trace start 1000
diagnose debug enable
```
After performing the test, you can stop debugging:
```
diagnose debug disable
diagnose debug reset
```