sschaffer
New Contributor

Status Meanings

I have been looking for documentation on what the different values Status="" can have in the logs and what they mean, and have not been able to find anything. Does anyone have any information on these? I have seen Detected, blocked, passthrough, exempted, and so on. Some of them are self-explanatory but others, such as Detected, are not. It was detected, yes, but what happened to it: was it blocked, dropped, what?

Thanks,
Scott
AndreaSoliva
Contributor III

Hi, detected means, as the word itself says, "detected", like monitored... not blocked or dropped. If you do an IPS rule and the default is bypass, the FGT (if you log this policy) would bring in the logs "detected", like found.

Hope this helps, have fun,
Andrea
sschaffer
New Contributor

Thanks. That was as I suspected but wanted to be sure. I am seeing a few attempts of the Heartbleed attack on our systems and they are showing as detected in logs. I see that there is an IPS signature for Heartbleed, called OpenSSL.TLS.Heartbeat.Information.Disclosure, and I have installed the latest firmware for our FortiGate unit. However, the IPS signature is set to Pass Heartbleed. I am looking for a way to block or drop these attacks. I am fairly sure that the rest of our systems are not vulnerable to it but thought that the best protection would be to block it at the perimeter. Any idea how I could do this, either by changing the Heartbeat signature to Block or setting up a rule that uses the detected signature to block it?

Thanks,
Scott
Ralf_Lauerwald
New Contributor

Hi, same problem here. I have an IPS sensor "protect_exchange" and there is also the OPENSSL.hartbeat..... It's on the default action "Monitor". Is it possible to change only the SSL.Heartbeat to block and leave the other signatures in this filter on "Default"?
AtiT
Valued Contributor

Hi, yes, it is possible. Under the IPS sensor you create new, select the Signature and at the bottom of the page you click to Block All.

AtiT
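
A way to confirm from the logs that a per-signature override like the one discussed in this thread took effect, added here as an example and not posted by anyone in the thread. The log lines are constructed, and every field name except `status` is an assumption about the log layout.

```python
import re
from collections import defaultdict

# Constructed sample IPS log lines (not taken from the thread). Every field
# name except status is an assumption; addresses are documentation ranges.
HB = "OpenSSL.TLS.Heartbeat.Information.Disclosure"
BEFORE_CHANGE = f'''\
time=10:01:02 srcip=198.51.100.7 dstip=192.0.2.10 attack="{HB}" status=detected
time=10:04:40 srcip=198.51.100.7 dstip=192.0.2.10 attack="{HB}" status="detected"
time=10:09:13 srcip=203.0.113.22 dstip=192.0.2.11 attack="Constructed.Example.Signature" status=blocked
'''
AFTER_CHANGE = f'''\
time=11:30:00 srcip=198.51.100.9 dstip=192.0.2.10 attack="{HB}" status=blocked
'''

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_line(line):
    """Return one log line as a dict, with surrounding quotes stripped."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def status_by_attack(text):
    """Count events per signature name and per status value."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        rec = parse_line(line)
        if "attack" in rec and "status" in rec:
            counts[rec["attack"]][rec["status"].lower()] += 1
    return {attack: dict(per) for attack, per in counts.items()}


def detected_only(counts):
    """Signatures logged only as 'detected': seen and logged, never blocked."""
    return sorted(a for a, per in counts.items() if set(per) == {"detected"})


if __name__ == "__main__":
    print(detected_only(status_by_attack(BEFORE_CHANGE)))
    print(status_by_attack(AFTER_CHANGE))
```

Run it over log lines from after the sensor change: a signature that still appears in the `detected_only` list is still being monitored rather than blocked.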