No denied messages for Fortigate 60

We have a Fortigate 60 that is not reporting on the implied "deny all". In other words, we have no inbound rules defined on our outside public IP address. Therefore, all packets should be blocked. The problem, however, is that the Fortigate is not reporting the denials. I ran an attack against the unit for a couple of hours and it didn't report anything being denied. I also configured the Fortigate to send messages to Kiwi Syslog and nothing showed up there either. We called Fortinet and they said this is by design!! We said that is not acceptable, as our example proved a network could be under attack and never be notified. We refuse to believe that this feature is not possible, and in looking at your demo site, you are receiving denied connections.

What are we doing wrong, as I'm certain this has to be supported? They did say that a specific denial rule in the firewall will generate a rule, but we cannot create a rule at the bottom of each policy to deny everything and have it log. Fortinet said that is an illegal rule and will not work (we tried it and they were right).

Thanks!
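As an added example, not part of the original post or of Fortinet's documentation, the two FortiOS CLI settings that make implicit-deny traffic show up in the traffic log. This assumes FortiOS 5.0 or later (the original Fortigate 60 hardware may not run a release that has the `fwpolicy-implicit-log` option; on older releases only an explicit deny policy with logging enabled produces these entries). Interface names `wan1` and `internal`, the syslog server address and the policy ID are placeholders.

```text
# 1. Log hits on the built-in implicit deny policy (policy ID 0).
#    Without this, denied sessions that match no policy are silently dropped
#    and nothing reaches the local log, FortiAnalyzer or syslog.
config log setting
    set fwpolicy-implicit-log enable
end

# 2. Ship traffic logs to the syslog server (Kiwi Syslog in the post).
#    Placeholder address; replace with the real collector.
config log syslogd setting
    set status enable
    set server "192.0.2.10"
end

# 3. Alternative for releases without the implicit-log option: an explicit
#    catch-all deny policy at the bottom of the inbound policy list, with
#    logging on. Policy ID 99 and the interface names are assumed.
config firewall policy
    edit 99
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
        set action deny
        set logtraffic all
    next
end
```

Once either setting is in place, a denied inbound connection should appear in the traffic log as an entry with `type=traffic`, `action=deny` and `policyid=0` (or the ID of the explicit deny policy), and the same line should be forwarded to the syslog collector; if it still does not, check that the log filter for traffic logs is not set to forward only allowed sessions.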
