Hello,
I set up some policies for VIPs to allow access to services on my internal server, and now monitoring the traffic in FortiView I can see a lot of addresses in Traffic from WAN - Sources that Session is Blocked. Does this mean that this connection was really blocked, or is it just a session that went through but is now closed? If it is really a blocked session, where can I find what is blocking it? I was digging around but couldn't find any more information. I even tried to disable all security profiles, but the sessions are still appearing as blocked, but the Policy seems to be set up right to allow all traffic on those ports.
Thank you.
Go to Dashboard -> FortiView session -> enter destination IP. Right-click on the IP address or hostname related to that and drill down. Once you see different sessions listed, you can click on settings to customize the table to be viewed and select action. You will be able to see multiple reasons for deny, e.g. TCP reset from server, session closed, timeouts, etc.
Copyright 2024 Fortinet, Inc. All Rights Reserved.