Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
unknown1020
New Contributor III

WAF profile in Fortigate

hello friends, a question.

The monitor mode WAF profile is enabled in the service publications that have been created in the FG.IPs are observed that belong to my LAN network (I suppose that is the reason why "reserved" is shown in the country of origin). My question is, why is the "information disclosure" event generated? has it happened to you?

because the signature "information disclosure" means exposing private information to individuals who would not normally have access to it. which has me worried since the source ip's are ip's from the internal network

2 REPLIES 2
hbac
Staff
Staff

Hi @unknown1020,

 

WAF is used to protect a web server behind the FortiGate. It should be enabled under inbound firewall policy and source IP shouldn't be internal. 

 

Regards, 

unknown1020
New Contributor III

The WAF profiles are assigned only to the service policies (WAN to LAN), for this reason it seems strange to me that logs appear where the internal IP's of my LAN are displayed.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors