Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Asyraf
New Contributor II

Created on ‎06-20-2024 07:22 PM

Traffic Deny - Type Reconnaissance

Hi All,

 

I got deny log from the Fortigate even I already configure to allow the connection.

This application using port 1433. The details log as below :

 

Event Action : Deny
Threat Action : Block
Threat Name : Policy Violation

Threat Type : Reconnaissance 
Application Service : Elid06

 

I check on the security profile & not find any possibility that it will block by security profile. Then I change to other service TCP_1433 and the connection was success. Anyone know what is the possibility of the deny traffic.

 

TQ

 

 

 

 

Labels:
1159
0 Kudos
1 Solution
navellano
Staff
Staff
In response to Asyraf

Created on ‎06-20-2024 09:16 PM

Hi Asyraf,

 

Thank you for your prompt response. You created a custom service with set your source and destination to TCP:0/0 service. TCP/0:0 is the opposite of ANY. No traffic will use source or destination port 0 which means TCP traffic will never match this service. 

 

I hope this answers your question. 

 

Thank you,

View solution in original post

1126
3 REPLIES 3
navellano
Staff
Staff

Created on ‎06-20-2024 08:42 PM

Hi Asyraf,


Good day! 

 

I presumed that the traffic direction is outbound. What was the previous service configuration? Was it set to ALL? As the SQL database instance uses TCP port 1433. 

 

Have you tried disabling all of the UTM features on the FW policy and then enabling them one by one to see which security profile is blocking traffic?

 

Regards,

 

 

1137
0 Kudos
Asyraf
New Contributor II
In response to navellano

Created on ‎06-20-2024 08:54 PM

Hi,

 

Thanks for the reply. The traffic direction is inbound and this is new configuration. After some checking I notice the previous service port have Source Port destination configured with value 0. I believe that was the cause why the traffic was drop/deny from FortiGate. Any thought on this ?

 

TQ

1129
0 Kudos
navellano
Staff
Staff
In response to Asyraf

Created on ‎06-20-2024 09:16 PM

Hi Asyraf,

 

Thank you for your prompt response. You created a custom service with set your source and destination to TCP:0/0 service. TCP/0:0 is the opposite of ANY. No traffic will use source or destination port 0 which means TCP traffic will never match this service. 

 

I hope this answers your question. 

 

Thank you,

1128
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.