My FG300D keeps detecting a certain foreign IP address as intrusion attacks to my DMZ server with SSL Heartbleed.
Although the firewall dropped the packets, I am still quite worried.
This has been going on for some time.
What else can you do?
Message meets Alert condition
The following intrusion was observed: OpenSSL.Heartbleed.Attack.
date=2016-04-06 time=22:43:03 devname=FG3002 devid=FGT3HXXXXX logid=04384 type=utm subtype=ips eventtype=signature level=alert vd="root" severity=critical srcip=62.231.xxx.xxx dstip=10.xxx.xx.xx sessionid=2950272399 action=dropped proto=6 service=HTTPS attack="OpenSSL.Heartbleed.Attack" srcport=42726 dstport=443 direction=0 attackid=38315 profile="Web Servers" ref="http://www.fortinet.com/ids/VID38315" incidentserialno=1273634930 msg="applications: OpenSSL.Heartbleed.Attack," crscore=50 crlevel=critical
My policy is from WAN (source IP) to DMZ (DMZ server): deny all.