Threat 131072
Hello,
I am doing some labs using Fortigate 201E.
By troubleshooting, I found out that there were many logs in policy 0, deny any any (the bottom line of policy).
Details showed it is "Threat 131072, threat score 30". The concerned protocols were HTTPS, Ping.
In order to get more details, I inserted the 1st line "permit any any" so all traffic should match this line, I am sure.
But strangely, there were still some logs in policy 0 saying threat.
I am very confused by this behavior because, as far as I understand, all traffic should pass over the first line of policy without going down to the last line policy 0.
Does anyone know the root cause? Your replies are much appreciated.
What are the source and destination interfaces for the policy you created?
Hello,
I found the issue: I used the redundant interface as the source. Instead, I should use the VLAN inside this interface.
After my correction on the concerned policy rules, traffic passes as I expected. The ping didn't work, I don't know why, but most important is that the wanted traffic goes through.
Thank you.
Since there were logs in implicit deny, I guess the first rule (permit all/any) doesn't contain all services.
I'd like to know what services/ports it contains.
Does "ALL" mean only ports tcp/udp 1-65535 and ICMP? Anything else?
About the ICMP issue, the error showed icmp 0/8. What is this?
ALL means all, so all protocols and, if relevant, all ports for that protocol.
ICMP 0/8 is one type of ICMP packet, specifically Echo Request, commonly known as ping. For more information look at: https://en.wikipedia.org/...ntrol_Message_Protocol
Hi Boneyard,
Thank you very much for your quick replies.
