Networking-Forums.com

Professional Discussions => Security => Topic started by: deanwebb on April 08, 2021, 09:24:55 AM

Title: Fortinet Question - IP and Ports being reported to security systems
Post by: deanwebb on April 08, 2021, 09:24:55 AM
Yo, Wintermute!

We're seeing a situation in which Fortinet firewalls are reporting IP addresses and/or open ports on devices where there's no host at the IP address and no such open port on the device. The common factor is a Fortinet firewall in the path. Is there any setting on the Fortinet that we should check to modify/stop the behavior?
Title: Re: Fortinet Question - IP and Ports being reported to security systems
Post by: wintermute000 on July 06, 2021, 07:34:32 AM
Can you be more specific about Fortinet firewalls reporting IP addresses / open ports? What exactly is the report or screen or output you're seeing?
Title: Re: Fortinet Question - IP and Ports being reported to security systems
Post by: deanwebb on July 07, 2021, 09:48:30 AM
This would be reporting via ARP tables and/or responses to NMAP scans.
Title: Re: Fortinet Question - IP and Ports being reported to security systems
Post by: Otanx on July 07, 2021, 11:53:22 AM
Sounds like proxy ARP is enabled.

-Otanx
Title: Re: Fortinet Question - IP and Ports being reported to security systems
Post by: wintermute000 on July 12, 2021, 04:15:35 AM
I still don't get what it's 'reporting'. The FW isn't running NMAP scans or anything like that?
If you mean when it's responding, then yep, proxy ARP, because there's a VIP or NAT etc.
Title: Re: Fortinet Question - IP and Ports being reported to security systems
Post by: deanwebb on July 12, 2021, 01:03:59 PM
Responding, so I'll check on the proxy ARP.
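
The symptom discussed in this thread (one device answering ARP for addresses where no host exists) shows up in an ARP table as a single MAC mapped to several IPs. The following check is an added example, not code from any poster in the thread; it assumes Linux `arp -an` output, the sample addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in Linux `arp -an` format (not data from the thread).
SAMPLE_ARP = """\
? (10.10.20.1) at 00:09:0f:aa:bb:01 [ether] on eth0
? (10.10.20.15) at 52:54:00:12:34:56 [ether] on eth0
? (10.10.20.40) at 00:09:0f:aa:bb:01 [ether] on eth0
? (10.10.20.41) at 00:09:0f:aa:bb:01 [ether] on eth0
? (10.10.20.77) at <incomplete> on eth0
? (10.10.30.9) at 00:09:0f:aa:bb:01 [ether] on eth1
"""

LINE_RE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5})\s.*\bon\s+(?P<iface>\S+)"
)

def parse_arp(text):
    """Return (ip, mac, iface) for resolved entries; unresolved ones are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            entries.append((m["ip"], m["mac"].lower(), m["iface"]))
    return entries

def proxy_arp_candidates(entries, known_ips=(), min_ips=2):
    """Map (iface, mac) -> IPs that MAC answers for beyond its documented ones."""
    by_mac = defaultdict(set)
    for ip, mac, iface in entries:
        by_mac[(iface, mac)].add(ip)
    flagged = {}
    for key, ips in by_mac.items():
        extra = ips - set(known_ips)
        # Several IPs behind one MAC on one segment suggests proxy ARP (VIP/NAT).
        if len(ips) >= min_ips and extra:
            flagged[key] = sorted(extra, key=ipaddress.ip_address)
    return flagged

if __name__ == "__main__":
    hits = proxy_arp_candidates(parse_arp(SAMPLE_ARP), known_ips={"10.10.20.1"})
    for (iface, mac), ips in hits.items():
        print(f"{iface} {mac} also answers ARP for: {', '.join(ips)}")
```

Pass the firewall's documented interface addresses as `known_ips`; whatever remains under its MAC is the list of addresses to compare against configured VIP and NAT objects.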