Traffic destined to the FortiGate unit
Traffic destined to the FortiGate unit
IPS enabled in firewall policies can only inspect the traffic pass through FortiGate unit, not the traffic destined to FortiGate unit. Enabling IPS in interface-policy allows IPS to pick up any packet on the interface so it is able to inspect attacks targeting FGT.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
I’d be interested in hearing your experience in applying policies to filter traffic destined to the fortigate itself.
Case in point, I had a customer getting random connections to udp/500 for ike from random hosts scanning the internet, which would generate an ipsec alarm, where normally the customer wants those for a vpn going down. All attempts to filter traffic via firewall policy or even local-in to the fortigate from unknown peers proved fruitless, and even fortinet couldn’t give me a real answer how to accomplish this. I’d also love to filter those stupid 8008 and 8010 ports that fortinet infamously loves to leave open for no good reason.