Support Forum
Not applicable

NIDS Detection

When I go through my log files on my Fortinet 60, the logs show that "the following intrusion was observed". Does this mean that it didn't stop the intrusion?
UkWizard
New Contributor

Possibly; there are some that are prevented, some that aren't. Look the particular one up in the GUI.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

So if I look it up in the web GUI and it is listed under the detection tab, it is not prevented, is that correct?
UkWizard
New Contributor

Yes, hence the different "protection" and "detection" sections ....
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
UkWizard
New Contributor

Actually, I should add, the firewall would obviously still act like a firewall regardless of this. So if it's an incoming intrusion, then (presuming you have no incoming allow-all rule) it will still drop the traffic. But if it's a detected signature over an open port, like over port 80, HTTP to your web server, then no, it won't be stopped.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
Not applicable

Alright, that clears things up. So when it logs items such as: "The following intrusion was observed: sql: Slammer[Reference: http://www.fortinet.com/ids/ID287178790] Interface-wan1: UDP 195.129.56.1:2280 -> **.***.**.***:1434" and port 1434 is not open, then it will automatically be dropped, is that about right? Thanks again.
UkWizard
New Contributor

Yes, that's correct; this is what a firewall's job is. The intrusions are just add-ons to prevent specific attacks or to alert you of attacks. I take it from this you have seen the Slammer alerts then; this is totally normal. Every site I have installed so far usually sees the Slammer alerts as the first attempt, usually within an hour as well. Stupid really, as this attack is ages old now, and you'd have thought the sender would have noticed by now.
UK Based Technical Consultant FCSE v2.5 FCSE v2.8 FCNSP v3 Specialising in Systems, Apps, SAN Storage and Networks, with over 25 Yrs IT experience.
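The distinction drawn in this exchange (an IPS "intrusion was observed" line is a detection record, and whether the packet actually got through depends on the firewall policy for that interface and port) can be checked mechanically. The following is an added example, not code from the thread or from Fortinet: it parses log lines in the shape quoted above and triages each alert against a constructed inbound policy table, flagging the ones that hit a port the firewall actually allows. The sample log lines, addresses and policy table are all constructed.

```python
import re

# Constructed sample lines in the shape of the IPS log quoted in this thread.
# Addresses and the second signature name are made up; the first line mirrors
# the Slammer alert the poster saw (the real destination was masked there).
SAMPLE_LOGS = [
    "The following intrusion was observed: sql: Slammer"
    "[Reference: http://www.fortinet.com/ids/ID287178790] "
    "Interface-wan1: UDP 195.129.56.1:2280 -> 203.0.113.10:1434",
    "The following intrusion was observed: http: Constructed.Test"
    "[Reference: (constructed)] "
    "Interface-wan1: TCP 198.51.100.7:40211 -> 203.0.113.10:80",
]

# Constructed inbound policy: services the firewall allows in on each interface.
# In a real setup this comes from the unit's policy list, not from the log.
ALLOWED_INBOUND = {"wan1": {("TCP", 80), ("TCP", 443)}}

LOG_RE = re.compile(
    r"The following intrusion was observed: (?P<sig>[^\[]+?)"
    r"\[Reference: (?P<ref>[^\]]*)\] "
    r"Interface-(?P<iface>\S+): (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)"
)


def parse_ips_log(line):
    """Split one 'intrusion was observed' line into its fields, or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["sig"] = ev["sig"].strip()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev


def triage(event, allowed=ALLOWED_INBOUND):
    """'blocked_by_policy' when no inbound policy opens the targeted port
    (the firewall drops it regardless of the IPS verdict); otherwise
    'reached_open_service', i.e. the signature fired on traffic the
    firewall let through and the alert deserves a closer look."""
    if (event["proto"], event["dport"]) in allowed.get(event["iface"], set()):
        return "reached_open_service"
    return "blocked_by_policy"


def triage_lines(lines, allowed=ALLOWED_INBOUND):
    """Return (signature, destination port, verdict) for each parseable line."""
    events = (parse_ips_log(line) for line in lines)
    return [(ev["sig"], ev["dport"], triage(ev, allowed)) for ev in events if ev]
```

Alerts that come back as "reached_open_service" are the ones where the IPS being in detection-only mode matters; the rest were dropped by the policy before any service saw them.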
Not applicable

Another way I do it is to add a DENY policy at the bottom of the interface pair and turn on logging for the DENY policy. This way I get notified when packets are being dropped. This can get messy on the external interface on the internet if you don't have some sort of data concentrator, but I find it works fine on other interfaces... I also found a few computers trying to do things they shouldn't be trying...