kinmun
New Contributor II

intrusion attacks

My FG300D keeps detecting a certain foreign IP address as intrusion attacks to my DMZ server with SSL Heartbleed.

Although the firewall dropped the packets, I am still quite worried.

This has been going on for some time.

What else can you do?

 

Message meets Alert condition

The following intrusion was observed: OpenSSL.Heartbleed.Attack.

date=2016-04-06 time=22:43:03 devname=FG3002 devid=FGT3HXXXXX logid=04384 type=utm subtype=ips eventtype=signature level=alert vd="root" severity=critical srcip=62.231.xxx.xxx dstip=10.xxx.xx.xx sessionid=2950272399 action=dropped proto=6 service=HTTPS attack="OpenSSL.Heartbleed.Attack" srcport=42726 dstport=443 direction=0 attackid=38315 profile="Web Servers" ref="http://www.fortinet.com/ids/VID38315" incidentserialno=1273634930 msg="applications: OpenSSL.Heartbleed.Attack," crscore=50 crlevel=critical  

kinmun
New Contributor II

My policy is from WAN (source IP) to DMZ (DMZ server), deny all.
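Added example, not part of the thread and not Fortinet code: one way to triage exported logs in the key=value format posted above, by counting IPS events per source and signature and listing any source whose events were not all `action=dropped`. The sample lines, their addresses and the `detected` action value are constructed for illustration, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# key=value or key="quoted value" pairs, as in the log line posted above
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')

def parse_line(line):
    """Turn one key=value log line into a dict of strings."""
    return {k: (q if q else u) for k, q, u in _FIELD.findall(line)}

def summarize_ips(lines):
    """Count IPS events per (srcip, attack), broken down by action."""
    summary = defaultdict(lambda: defaultdict(int))
    for line in lines:
        ev = parse_line(line)
        if ev.get("subtype") != "ips":
            continue  # skip traffic and other non-IPS records
        key = (ev.get("srcip", "?"), ev.get("attack", "?"))
        summary[key][ev.get("action", "unknown")] += 1
    return summary

def not_dropped(summary):
    """(srcip, attack) pairs with at least one event that was not dropped."""
    return sorted(key for key, actions in summary.items()
                  if any(action != "dropped" for action in actions))

# Constructed sample input (documentation-range addresses, not real hosts)
SAMPLE = [
    'date=2016-04-06 time=22:43:03 type=utm subtype=ips level=alert '
    'srcip=203.0.113.7 dstip=192.0.2.10 action=dropped service=HTTPS '
    'attack="OpenSSL.Heartbleed.Attack" dstport=443 profile="Web Servers"',
    'date=2016-04-06 time=22:51:40 type=utm subtype=ips level=alert '
    'srcip=203.0.113.7 dstip=192.0.2.10 action=dropped service=HTTPS '
    'attack="OpenSSL.Heartbleed.Attack" dstport=443 profile="Web Servers"',
    'date=2016-04-07 time=01:12:09 type=utm subtype=ips level=alert '
    'srcip=198.51.100.23 dstip=192.0.2.10 action=detected service=HTTPS '
    'attack="OpenSSL.Heartbleed.Attack" dstport=443 profile="Web Servers"',
    'date=2016-04-07 time=01:12:10 type=traffic subtype=forward '
    'srcip=203.0.113.7 dstip=192.0.2.10 action=deny dstport=443',
]

if __name__ == "__main__":
    result = summarize_ips(SAMPLE)
    for (src, attack), actions in sorted(result.items()):
        print(src, attack, dict(actions))
    print("not fully dropped:", not_dropped(result))
```

An empty result from `not_dropped` means every logged IPS event was blocked at the firewall; any entry it returns identifies a source and signature worth checking against the sensor's action setting and the target server's OpenSSL version.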
