hello friends, a question.
The monitor mode WAF profile is enabled in the service publications that have been created in the FG.IPs are observed that belong to my LAN network (I suppose that is the reason why "reserved" is shown in the country of origin). My question is, why is the "information disclosure" event generated? has it happened to you?
because the signature "information disclosure" means exposing private information to individuals who would not normally have access to it. which has me worried since the source ip's are ip's from the internal network
Hi @unknown1020,
WAF is used to protect a web server behind the FortiGate. It should be enabled under inbound firewall policy and source IP shouldn't be internal.
Regards,
The WAF profiles are assigned only to the service policies (WAN to LAN), for this reason it seems strange to me that logs appear where the internal IP's of my LAN are displayed.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.