Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tanr
Valued Contributor II

IPS logs with Attack ID 0 and Attack Name Unknown?

I'm seeing some IPS logs for outbound connections that show no ID or name, like so:

 

Attack Name Unknown Attack ID 0 Reference https://fortiguard.com/encyclopedia/ips/0

Message : ,

Event Type signature

Protocol Number 6

Type utm

Sub Type ips

 

Destination 

IP 52.162.166.27 Host Name client-s.gateway.messenger.live.com Port 443 Destination Interface Hostname ch1-client-s.gateway.messenger.live.com URL          ch1-client-s.gateway.messenger.live.com Application Protocol tcp Service P2P

 

Action detected

 

Any ideas what might be going on?  

5 REPLIES 5
tanr
Valued Contributor II

Forgot to add: FortiOS 5.6, Extended IPS database.

 

It is showing that it's using one of my specific IPS profiles, but the only P2P application listed within that profile has a proper ID.

Aleksandr_Avdiuhskin

Hi Tanr,

I have found same message from my reporting system.

 

attackid=0 ref="http://www.fortinet.com/ids/VID0"

 

Regards,

pal_FTNT
Staff
Staff

It's a known issue and the developers are already looking into it. 

tanr
Valued Contributor II

Thanks for the update.  Is there a bug number to track this?

pal_FTNT

510539

Labels
Top Kudoed Authors