Hi All,
I got deny log from the Fortigate even I already configure to allow the connection.
This application using port 1433. The details log as below :
Event Action : Deny
Threat Action : Block
Threat Name : Policy Violation
Threat Type : Reconnaissance
Application Service : Elid06
I check on the security profile & not find any possibility that it will block by security profile. Then I change to other service TCP_1433 and the connection was success. Anyone know what is the possibility of the deny traffic.
TQ
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Asyraf,
Thank you for your prompt response. You created a custom service with set your source and destination to TCP:0/0 service. TCP/0:0 is the opposite of ANY. No traffic will use source or destination port 0 which means TCP traffic will never match this service.
I hope this answers your question.
Thank you,
Hi Asyraf,
Good day!
I presumed that the traffic direction is outbound. What was the previous service configuration? Was it set to ALL? As the SQL database instance uses TCP port 1433.
Have you tried disabling all of the UTM features on the FW policy and then enabling them one by one to see which security profile is blocking traffic?
Regards,
Hi,
Thanks for the reply. The traffic direction is inbound and this is new configuration. After some checking I notice the previous service port have Source Port destination configured with value 0. I believe that was the cause why the traffic was drop/deny from FortiGate. Any thought on this ?
TQ
Hi Asyraf,
Thank you for your prompt response. You created a custom service with set your source and destination to TCP:0/0 service. TCP/0:0 is the opposite of ANY. No traffic will use source or destination port 0 which means TCP traffic will never match this service.
I hope this answers your question.
Thank you,
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.