Threat id 131072

cybernet2025 · ‎02-20-2023

I've seen the log message like this.
Technical Tip: Threat 131072 is seen in logs when ... - Fortinet Community

I don't know what should I do next.
Could you please explain it for me?

gfleming · ‎02-20-2023

Do you have UTM enabled on the policy where these logs are originating from? If not its just the log messages stating a firewall connection was blocked due to policy.

Cheers,
Graham

cybernet2025 · ‎02-20-2023

Hi Graham
Yes, I do I've enabled UT on the policy. What should I do next? Skip this message or other solutions.

srajeswaran · ‎02-20-2023

Can you validate the denied traffic is expected to be denied? If so, we can just ignore this as a normal traffic deny log.

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

cybernet2025 · ‎02-20-2023

Hi
Please find attached the details below.
I think it's a ms teams session but I don't know is it important?

srajeswaran · ‎02-20-2023

As per the log, the policy ID is "0", which is the default deny policy and it won't have UTM. Can you check the actual policy created between the source and destination interface and see if MS-Teams is allowed in that policy?

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

cybernet2025 · ‎02-21-2023

only allowed for 80 and 443 services.

gfleming · ‎02-21-2023

There's your answer! If you're only allowing port 80 and 443, anything else will be blocked. Your logs above are showing port 3478 is being blocked.

So either allow it or don't but if you don't you will see those log messages.

Cheers,
Graham

Threat id 131072

Nominate a Forum Post for Knowledge Article Creation