I've got this challenge with a lot of alert emails from my FortiGate. It looks like it's triggered through the DoS IPv4 policy on WAN1. If I read and analyze the message, I see it's from a customer that uses an SSL-VPN connection to our center. It's not just one customer but several that can trigger it. I raised the threshold for this DoS IPv4 from 2000 to 3500 and it reduced the amount of mails :). I can of course raise it even higher or just turn it off, but that's not a good solution because I want to understand what happens. I see that it seems to be in connection with the logon (but not 100% sure).
I'm posting the alert and hope somebody can give me a hint or a solution.
Message meets Alert condition
The following intrusion was observed: "udp_flood".