Hi,
I have a problem with the quarantine with the "ip_src_session" of a DoS policy.
The policy is also set to Block and the "anomaly" log returns the IP that exceeds the threshold of 200.
But the IP doesn't go to quarantine...
Obviously I set the quarantine commands via CLI.
Commands: set quarantine-attacker and set quarantine-expiry 1d.
Another thing: I have a DoS policy before this one that doesn't do anything for a specific source address.
It's an exception for a specific source IP, just so you understand, but I don't think it matters much.
Can anyone help me?
It seems there may be different answers for this question depending on the FortiGate hardware and FortiOS version. It does not exclude a bug.
But the log that is generated is important (to see the action taken by FG), as well as the quarantine list and anomaly meters:
diag user quarantine list
diag ips anomaly list
I have a FortiGate 400E bypass with v 7.0.3.
If I use the command "diag ips anomaly list" I see a series of IP addresses that are not present in the "anomaly" GUI...
The quarantine list is empty.
If I configure the quarantine part for an IPS rule it works...
I think you need to open a support ticket for this (maybe a bug?!)
Hi, I finally understand why.
After configuring the DoS policy, I disabled and re-enabled the logging options of "ip_src_session" and the DoS policy correctly banned the IP.
Seems to be a bug...
Thanks
This worked for me
Thank you!