fat
New Contributor

Threat 131072

Hello,

 

I am doing some labs using Fortigate 201E.

While troubleshooting, I found out that there were many logs in policy 0, deny any any (the bottom line of the policy).

Details showed "Threat 131072, threat score 30". The protocols concerned were HTTPS and ping.

 

In order to get more details, I inserted a first line "permit any any", so all traffic should match this line, I am sure.

But strangely, there were still some logs in policy 0 saying "threat".

 

I am very confused by this behavior because, as far as I understand, all traffic should match the first line of the policy without going down to the last line, policy 0.

 

Does anyone know the root cause? Your replies are very much appreciated.

 

boneyard
Valued Contributor

what are the source and destination interface for the policy you created?

fat
New Contributor

Hello,

 

I found the issue: I had used the redundant interface as the source. Instead I should use the VLAN inside this interface.

After correcting the policy rules concerned, traffic passes as I expected. The ping didn't work, I don't know why, but the most important thing is that the wanted traffic goes through.

 

Thank you.

fat
New Contributor

 

Since there were logs in the implicit deny, I guess the first rule (permit all/any) doesn't contain all services.

I'd like to know which services/ports it contains.

 

Does "ALL" mean only TCP/UDP ports 1-65535 and ICMP? Anything else?

 

About the ICMP issue, the error showed icmp 0/8. What is this?

boneyard
Valued Contributor

ALL means all, so all protocols and, if relevant, all ports for that protocol.

 

ICMP 0/8 is one type of ICMP packet, specifically Echo Request, commonly known as ping. For more information look at: https://en.wikipedia.org/...ntrol_Message_Protocol
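The following is an added example, not code from the original thread or from Fortinet. It illustrates both earlier points at once: the poster's finding that a policy whose source is the redundant parent interface does not match traffic the firewall attributes to a VLAN on that interface, and the answer that service ALL covers every protocol and that ICMP type 8 code 0 is an echo request. The log lines are constructed in FortiGate key=value traffic-log style (the interface names, addresses and timestamps are made up); policyid=0 is the implicit deny, and the crscore=30 / craction=131072 fields carry the "Threat 131072, threat score 30" values from the thread. The policy_matches helper is a deliberately simplified model, not FortiOS matching logic.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value traffic-log style; they are
# not logs from the poster's 201E. policyid=0 is the implicit deny, and
# crscore=30 / craction=131072 are the "Threat 131072, threat score 30" values
# the thread mentions. Interface names "VLAN10", "wan1", "Redundant1" are made up.
SAMPLE_LOGS = """\
date=2024-01-10 time=10:00:01 type="traffic" subtype="forward" srcip=10.10.10.5 srcport=51000 srcintf="VLAN10" dstip=203.0.113.10 dstport=443 dstintf="wan1" policyid=0 proto=6 service="HTTPS" action="deny" crscore=30 craction=131072 crlevel="high"
date=2024-01-10 time=10:00:02 type="traffic" subtype="forward" srcip=10.10.10.5 srcintf="VLAN10" dstip=203.0.113.10 dstintf="wan1" policyid=0 proto=1 service="PING" icmptype=8 icmpcode=0 action="deny" crscore=30 craction=131072 crlevel="high"
date=2024-01-10 time=10:00:03 type="traffic" subtype="forward" srcip=10.10.10.6 srcport=51001 srcintf="VLAN10" dstip=203.0.113.10 dstport=443 dstintf="wan1" policyid=1 proto=6 service="HTTPS" action="accept"
"""

# key=value pairs; values are either double-quoted strings or bare tokens
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of string values."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def implicit_deny_summary(text):
    """Count implicit-deny hits (policyid=0) by (srcintf, dstintf, service).

    The interface pair is the first thing to check: the log names the VLAN
    the packet arrived on, so a policy written against the redundant parent
    interface never sees these flows.
    """
    hits = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("policyid") == "0":
            hits[(rec["srcintf"], rec["dstintf"], rec["service"])] += 1
    return hits


def policy_matches(rec, srcintf, dstintf, service="ALL"):
    """Simplified interface/service match check for one log record.

    Hypothetical helper, not FortiOS logic: "any" matches every interface,
    other interface names must match exactly, and service ALL covers every
    protocol and port (the point made in the reply above).
    """
    src_ok = srcintf == "any" or rec["srcintf"] == srcintf
    dst_ok = dstintf == "any" or rec["dstintf"] == dstintf
    svc_ok = service == "ALL" or rec["service"] == service
    return src_ok and dst_ok and svc_ok


# Only the ping pair is tabulated; other types fall through to a generic label.
ICMP_NAMES = {(0, 0): "echo reply", (8, 0): "echo request"}


def icmp_name(icmptype, icmpcode):
    """Human-readable name for an ICMP type/code pair."""
    key = (int(icmptype), int(icmpcode))
    return ICMP_NAMES.get(key, f"type {key[0]} code {key[1]}")


if __name__ == "__main__":
    for key, n in implicit_deny_summary(SAMPLE_LOGS).items():
        print(n, "x", key)
    denied = [parse_line(l) for l in SAMPLE_LOGS.splitlines()
              if parse_line(l).get("policyid") == "0"]
    for rec in denied:
        print(rec["service"], "matches policy on Redundant1:",
              policy_matches(rec, "Redundant1", "wan1"))
        print(rec["service"], "matches policy on VLAN10:   ",
              policy_matches(rec, "VLAN10", "wan1"))
        if rec["proto"] == "1":
            print("ICMP:", icmp_name(rec["icmptype"], rec["icmpcode"]))
```

Running it lists the two implicit-deny flows keyed by (VLAN10, wan1, HTTPS) and (VLAN10, wan1, PING), shows that neither is matched by a policy whose source interface is the redundant parent while both are matched once the source is the VLAN, and decodes the ping record as an echo request. On a real unit the same grouping over exported implicit-deny logs tells you which interface pair or service the permit rule is missing.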

fat
New Contributor

Hi Boneyard,

 

Thank you very much for your quick replies.
