We have a split-tunnel SSL VPN permitting access to the internal office network; this has been set up for some time and works without issue; users are able to access internal resources and servers as required in their normal way.
Whilst checking logs on another matter I've come across a large number of denied NetBIOS forwards on UDP 137 & 138 from VPN clients. As far as I'm aware these are not new (I went back several weeks in the logs). This discovery raises the question as to whether I should be handling this traffic in a different / better way - should it be allowed?
The FortiGate is a 60D running 5.2.3. Clients connect based on authorisation via LDAP and device MAC. All clients are Windows 7 or higher.