We found that the Fortigate 60D we had was causing this. The cause seems to have been multiple invalid DNS lookups. We didn't find any error logs that suggested that problem, but this is what this IPS block is typically caused by. In the end, we fixed this by changing the user's LAN IP address, but we also could have seen the blocked IP addresses via these commands from the CLI:
OS 5.0:
get user ban list
OS 5.2
diagnose firewall ip_host list
To delete an entry, you'd enter this command:
diagnose firewall ip_host delete src4/src6
Exmaple:
diagnose firewall ip_host delete src4 10.10.10.21
The information from this page came from here:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD36211
No comments:
Post a Comment