Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
CAD
Contributor

Report in local traffic

Hello Everyone,

I want some one explain me the below report i found it in Log&report in traffic Log in Local traffic  section:

 

Source

Destination

Application Name

Sent/Received

Threat

Action

Source country

77.72.xx.xx

My Public IP address

Udp/25497

0B/0B

131072

Deny

Netherlands

52.8.x.x

My Public IP address

Ping

92B/92B

 

Accept

United state

218.189.x.x

My Public IP address

Ping

840B/840B

 

Accept

Hong Kong

58.218.x.x

My Public IP address

SQUID

0B/0B

 

Deny

China

My computer

192.168.1.255

netbios forward

0B/0B

 

Deny

Reserved

9 REPLIES 9
CAD
Contributor

Sorry i will upload table again:

 

thanks And Regards,

AtiT
Valued Contributor

Hello,

Local-in security policies are policies the control the flow of internal traffic. Traffic from/to your FotiGate.

 

What you see in the above table is that the IP address 77.72.xx.xx wanted to communicate with the IP address of your FortiGate on the UDP port 25497 and it was blocked.

 

Also your computer is sending broadcast netbios packets to all devices on the 192.168.1.0/24 subnet and the FortiGate blocked that communication.

AtiT

AtiT
CAD
Contributor

thanks for reply,

 

(IP address 77.72.xx.xx wanted to communicate with the IP address of your FortiGate on the UDP port 25497 and it was blocked.). 

This means that 77.72.xx.xx trying to penetrate my firewall?   thanks

 

AtiT
Valued Contributor

It depends how much logs you have like this. It can be a robot that is scanning something etc.

I can see in our LAB on the firewall that 47.88.1.138 is sending DNS requests to it. It could be anything - wrong DNS configuration, a robot that was able to ping the IP address before... it is hard to say.

AtiT

AtiT
CAD
Contributor

thanks again ,

is there any way or tools to know this communication.

 

thanks

CAD
Contributor

Also , 

internal computers send Netbios Prodcast and Dhcp relay , is this normal , if no how to stopped.   please advise me , my knowledge not much.   thanks   
CAD
Contributor

please i need your assistant.

AtiT
Valued Contributor

Hi,

it is a Fortinet forum not Microsoft forum. Search for netbios on the Microsoft sites or on Google to see whether it is safe to turn off netbios in your network. If I remember netbios is not used since Windows 2000 but I am not sure.

AtiT

AtiT
CAD
Contributor

thanks for help

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors