Hello,
I set up some policies for VIPs to allow access to services on my internal server, and now monitoring the traffic in FortiView I can see a lot of addresses in Traffic from WAN - Sources that Session is Blocked. Does this mean that this connection was really blocked, or is it just session that went through but is now closed? If it is really a blocked session, where can I find what is blocking it? I was digging around but couldn't find any more information. I even tried to disable all security profiles, but the sessions are still appearing as blocked, but the Policy seems to be set up right to allow all traffic on those ports.
Thank you.
Go to Dashboard-> Fortiview session -> enter destination IP. Right-click on the IP address or hostname related to that and drill down. Once you see different sessions listed you can click on settings to customize the table to be viewed and select action. you will be able to see multiple reasons for deny, for eg: TCP reset from server, session closed, timeouts etc.
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.