Help to read Logs (FortiGate 80C)
Hello,
Please see my screenshot.
In the file "help", I went to FortiView > Destinations
and I saw this. Is this OK?
I do not know the source. If it is dangerous, how do I block it?
I feel that my network is very slow.
Second, I went to FortiView > Source.
I saw my web server. Is this OK?
You can see the details on the traffic (there's a button, I think on the bottom).
If you don't want the traffic you can block it with a Firewall Policy (or use the IPS, maybe it'll catch it)
I did not find the button, and you did not say if it is dangerous.
(Your screenshot is hard to view.)
OK, there are about 20.000 sessions via tcp/53.
Port 53 is usually used for DNS but that is most probably not the case with you. DNS requests are done in UDP/53, TCP/53 is only used for DNS zone transfers. I doubt that this high number of zone transfers is legitimate traffic. It looks more likely to be traffic tunneled over DNS.
Judge on the destination address as well - is this an ISP or a single dial-up host?
I would recommend blocking this from the thin information you gave us.
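
For anyone triaging the same pattern from exported traffic logs rather than the FortiView screen, the following added example (not written by the thread's participants or by Fortinet) tallies TCP/53 sessions and byte counts per source/destination pair. The field names (`srcip`, `dstip`, `dstport`, `proto`, `sentbyte`, `rcvdbyte`) follow the FortiGate key=value traffic log format; the sample lines, addresses and the `min_sessions` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample records in FortiGate-style key=value form (not real logs).
_TEMPLATE = ('date=2015-03-01 time=10:00:{sec:02d} type=traffic srcip={src} '
             'dstip={dst} dstport={port} proto={proto} sentbyte={sent} '
             'rcvdbyte={rcvd} service="{svc}"')
_ROWS = (
    [("192.168.1.20", "203.0.113.50", 53, 6, 4200, 300, "DNS")] * 4   # repeated TCP/53
    + [("192.168.1.30", "198.51.100.53", 53, 17, 70, 120, "DNS"),     # ordinary UDP query
       ("192.168.1.30", "198.51.100.53", 53, 6, 150, 2100, "DNS"),    # single TCP/53 session
       ("192.168.1.20", "203.0.113.50", 443, 6, 900, 5000, "HTTPS")]  # unrelated traffic
)
SAMPLE_LOG = "\n".join(
    _TEMPLATE.format(sec=i, src=s, dst=d, port=p, proto=pr, sent=sb, rcvd=rb, svc=sv)
    for i, (s, d, p, pr, sb, rb, sv) in enumerate(_ROWS)
)

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}


def tcp53_summary(log_text):
    """Count sessions and bytes per (srcip, dstip) for proto=6 (TCP), dstport=53."""
    stats = defaultdict(lambda: {"sessions": 0, "sent": 0, "rcvd": 0})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("proto") != "6" or rec.get("dstport") != "53":
            continue
        if "srcip" not in rec or "dstip" not in rec:
            continue  # skip malformed or non-traffic lines
        entry = stats[(rec["srcip"], rec["dstip"])]
        entry["sessions"] += 1
        entry["sent"] += int(rec.get("sentbyte", 0))
        entry["rcvd"] += int(rec.get("rcvdbyte", 0))
    return dict(stats)


def suspicious_pairs(log_text, min_sessions=1000):
    """Return (srcip, dstip, stats) with many TCP/53 sessions, busiest first."""
    hits = [(src, dst, s) for (src, dst), s in tcp53_summary(log_text).items()
            if s["sessions"] >= min_sessions]
    return sorted(hits, key=lambda h: h[2]["sessions"], reverse=True)


if __name__ == "__main__":
    for src, dst, s in suspicious_pairs(SAMPLE_LOG, min_sessions=3):
        print(src, "->", dst, s)
```

A pair with a high session count and far more bytes sent than received is the one to check against the destination owner before writing the blocking policy.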
