gents,
time to time, my fortigate have thousands of sessions see below from screenshot. how to find root cause, how to stop these multiple sessions ? 10.100.10.25 - is our mail server. Currently I am terminating manually.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @Umirzak,
Are you expecting outbound traffic from the mail server to those IPs? If not, you can block it using firewall policy.
Regards,
everytime different IPs (
this is another example
Is all the sessions are destined to IP in Indonesia ? If so, we can create an address entry for Indonesia and block all these connections till we find the root cause.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Blocking-Inbound-Access-from-Specific-Coun...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-block-by-country-or-geolocation/ta-...
unfortunately didn't help, different countries, different IPs. gents, can you help me please.
As per this document Fortimail generates SYN packet on port80 for DynDNS.
* FortiMail generates outbound traffic and sends an HTTP SYN request via TCP/80. The Fortinet RSS Feed widget provides a convenient display of the latest security advisories and discovered threats from Fortinet. Also, if an email message contains a shortened URI that redirects to another URI, it would cause FortiMail to send an HTTP SYN request to the shortened URI to get the redirected URI.
Ref: https://docs.fortinet.com/document/fortigate/6.4.0/ports-and-protocols/74478/fortimail-open-ports
Do you have dynamic DNS configured?
https://docs.fortinet.com/document/fortimail/7.4.2/cli-reference/810276/system-ddns
no i don't have fortimail and dynamic dns.
yesterday i just closed all ports from DMZ to WAN except mail service ports. looks OK, but i still dont find root cause
I've hardened my mail server. look like issue resolved.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.