Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

More information about Threat 131072

Hi All,


I have read the following information about the threat 131072:


But I am still not sure why we can see this sessions being blocked in our firewall. I have an Allow policy which is blocking some traffic due to threat 131072. Any idea about how to try to troubleshoot this traffic? Thanks.


EDIT: Afer checking deeper, the blocked packets are related to the Packet Based Inspection. I suppose that Packet Based Inspection includes 3-way-handshake, check sequence numbers, etc.

Community Manager
Community Manager

Hello amorales,


Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Anthony-Fortinet Community Team.

Hi @amorales,


The link explains the traffic logged as denied with the reference threat ID but does not mention why the traffic is getting denied.

Please share the information about the firewall policy configured.

Please also capture the output of the below debugs while generating traffic.


diagnose debug reset
diagnose debug flow filter addr <source_IP> <destination_IP> and
diagnose debug console timestamp enable
diagnose debug flow show iprope enable
diagnose debug flow show function-name enable
diagnose debug flow trace start 1000
diagnose debug enable


After performing the test, you can stop debugging;
diagnose debug disable
diagnose debug reset

Top Kudoed Authors