- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Threat id 131072
I've seen the log message like this.
Technical Tip: Threat 131072 is seen in logs when ... - Fortinet Community
I don't know what should I do next.
Could you please explain it for me?
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Do you have UTM enabled on the policy where these logs are originating from? If not its just the log messages stating a firewall connection was blocked due to policy.
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Graham
Yes, I do I've enabled UT on the policy. What should I do next? Skip this message or other solutions.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you validate the denied traffic is expected to be denied? If so, we can just ignore this as a normal traffic deny log.
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Please find attached the details below.
I think it's a ms teams session but I don't know is it important?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
As per the log, the policy ID is "0", which is the default deny policy and it won't have UTM. Can you check the actual policy created between the source and destination interface and see if MS-Teams is allowed in that policy?
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
only allowed for 80 and 443 services.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There's your answer! If you're only allowing port 80 and 443, anything else will be blocked. Your logs above are showing port 3478 is being blocked.
So either allow it or don't but if you don't you will see those log messages.
Graham