Hello,
I am new to FORTINET products. Could somebody help me analyze this log:
Message meets Alert condition
date=2018-05-02 time=14:25:40 devname=FGT60E4Q16012644 devid=FGT60E4Q16012644 logid=0000000013 type=traffic subtype=forward level=notice vd=root srcip=195.14.185.150 srcport=53152 srcintf="wan1" dstip=195.14.160.210 dstport=8291 dstintf="internal" sessionid=622928 proto=6 action=deny policyid=0 policytype=policy dstcountry="Lithuania" srccountry="Lithuania" trandisp=dnat tranip=192.168.1.10 tranport=8291 service="tcp/8291" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" crscore=30 craction=131072 crlevel=high
Thank you
The Log says:
Source IP 195.14.185.150 is trying to communicate with Destination IP 195.14.160.210 and the destination port is 8291.
And the dst IP 195.14.160.210 has a NAT to 192.168.1.10.
And if not obvious, it's denied. I would assume NO-POLICY, or if you have a policy for that VIP, it's installed incorrectly or has a typo.
PCNSE
NSE
StrongSwan
Hello,
As you can see, the raw logs consist of key/value pairs. For example, time=14:25:40 gives you the time that the traffic was captured, devid=FGT60E4Q16012644 is the device ID of the Fortigate that captured the traffic, etc.
The most interesting information really is the origin of the traffic (srcip=195.14.185.150 srcport=53152), the destination of the traffic (dstip=195.14.160.210 dstport=8291) and the action taken on the traffic (action=deny). srcintf="wan1" tells you that the traffic originated from the wan1 interface (which can help in troubleshooting). The rest should be self-explanatory.
I hope that helps.
NSE5, CCSE, CCNA R&S, CompTIA A+, CompTIA Network+, CompTIA Security+, MTA Security, ITIL v3
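Parsing the line the way this reply describes, as an added example that is not from the forum or from Fortinet: a small key/value parser run over the log quoted in the question, plus a summary of the fields the replies single out (the function names and the summary layout are my own).

```python
import re
from typing import Dict

# FortiGate traffic log line quoted in the question above.
LOG_LINE = (
    'date=2018-05-02 time=14:25:40 devname=FGT60E4Q16012644 devid=FGT60E4Q16012644 '
    'logid=0000000013 type=traffic subtype=forward level=notice vd=root '
    'srcip=195.14.185.150 srcport=53152 srcintf="wan1" dstip=195.14.160.210 '
    'dstport=8291 dstintf="internal" sessionid=622928 proto=6 action=deny '
    'policyid=0 policytype=policy dstcountry="Lithuania" srccountry="Lithuania" '
    'trandisp=dnat tranip=192.168.1.10 tranport=8291 service="tcp/8291" '
    'duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 appcat="unscanned" '
    'crscore=30 craction=131072 crlevel=high'
)

# key=value tokens: the value is either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Split a raw FortiGate log line into a dict of its key/value pairs."""
    fields = {}
    for match in _KV_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def summarize_traffic(fields: Dict[str, str]) -> Dict[str, object]:
    """Pull out the fields the replies above point to as the interesting ones."""
    summary = {
        "from": f'{fields["srcip"]}:{fields["srcport"]} via {fields["srcintf"]}',
        "to": f'{fields["dstip"]}:{fields["dstport"]} via {fields["dstintf"]}',
        "action": fields["action"],
        "policyid": fields["policyid"],
        # The first reply reads policyid=0 on a deny as no policy having matched.
        "matched_policy": fields["policyid"] != "0",
    }
    # trandisp=dnat means the destination was translated (a VIP); show the inside host.
    if fields.get("trandisp") == "dnat":
        summary["translated_to"] = f'{fields["tranip"]}:{fields["tranport"]}'
    return summary


if __name__ == "__main__":
    parsed = parse_fortigate_log(LOG_LINE)
    for name, value in summarize_traffic(parsed).items():
        print(f"{name}: {value}")
```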
FYI: TCP/8291 uses Mikrotik for router OS management.