I want to be alerted about "Security Events" but I do not care about
things like tcp/udp/icmp scans, that the Fortigate handled by way of the
DoS policies. Is there a way to exclude these (and nothing else) from
the "Message meets Alert condition" no...
Using 300E on v6.0.8. Is it possible to monitor activity from a
particular IP, preferably in a more automated way; API or script, to
know when a *specific* IP triggers a DoS rule, and why? (I'm quite
comfortable with coding, I'm just not sure what par...
I set up quarantines on a few DoS policies tonight and saw a few legit
IPs hitting chatty services and got incorrectly filtered (I have since
re-tuned those rules). Is there a way to see the DoS quarantine and/or
release those IPs? DoS Policy:Policy...
While researching, I see there are a few different ways to achieve this
but ideally, I don't want the user to need an app on their phone. I also
want to utilize AD users and not create 'local' users. Is it possible to
do this by specifying the user's p...
I seem to get an awful lot of port scans to port 500, many/most on the
same IP block. I'm certain they're doing an overall scan of the network,
but I've just implemented a notification alert on the following: SSL
VPN login failure, IPsec tunnel error...
Thank you both for the suggestions, extremely helpful! I ended up
creating an address group with the ranges that were seen most often and
adding a deny policy. Right away, I saw activity on the policy.
Additionally, I also set up a DDoS policy and us...