rmetzger
Staff
Article Id 190865
Description
Some network implementations may generate a large number of IP packets whose source IP address triggers the following log message:

2012-10-30 10:13:42 log_id=0038000007 type=traffic subtype=other pri=warning status=deny vd="root" src=10.75.2.29 srcname=10.75.2.29 src_port=138 dst=10.75.3.255 dstname=10.75.3.255 dst_country="Reserved" src_country="Reserved" dst_port=138 service=138/udp proto=17 app_type=N/A duration=0 rule=0 policyid=0 identidx=0 sent=0 rcvd=0 shaper_drop_sent=0 shaper_drop_rcvd=0 perip_drop=0 shaper_sent_name="N/A" shaper_rcvd_name="N/A" perip_name="N/A" vpn="N/A" vpn_type=UNKNOWN(65535) vpn_tunnel="N/A" src_int="port1" dst_int="N/A" SN=55198 app="N/A" app_cat="N/A" user="N/A" group="N/A" msg="reverse path check fail, drop" carrier_ep="N/A" profilegroup="N/A" subapp="N/A" subappcat="N/A"

This message is further described in the related KB article "Details about FortiOS RPF (Reverse Path Forwarding), also called Anti-Spoofing".

Solution
Like other log messages of type=traffic and subtype=other, these messages can be stopped from being sent to log destinations with the following method:
config log memory filter
    set extended-traffic-log disable
end

config log fortianalyzer filter
    set extended-traffic-log disable
end

config log disk filter
    set extended-traffic-log disable
end

If VDOM is enabled:

For FortiAnalyzer, the filter is configured in global mode, while for memory it is configured per VDOM.

config global
    config log fortianalyzer filter
        set extended-traffic-log disable
    end
end

config vdom
    edit <vdom_name>
        config log memory filter
            set extended-traffic-log disable
        end
end
Note that prior to FortiOS 4.0MR3, the parameter "extended-traffic-log" was named "other-traffic".
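
Before these messages are filtered out, it helps to know which interfaces and sources produce them. The following is an added example, not part of the original article and not Fortinet code: it parses log lines in the key=value format shown in the Description and counts reverse path check drops per interface, source and service. The sample lines are constructed and the function names are hypothetical.

```python
import shlex
from collections import Counter

RPF_MSG = "reverse path check fail, drop"  # msg value from the log line in this article

# Constructed sample lines in the article's key=value format (fields trimmed).
SAMPLE_LOG = '''\
2012-10-30 10:13:42 log_id=0038000007 type=traffic subtype=other pri=warning status=deny vd="root" src=10.75.2.29 src_port=138 dst=10.75.3.255 dst_port=138 service=138/udp proto=17 src_int="port1" dst_int="N/A" msg="reverse path check fail, drop"
2012-10-30 10:13:43 log_id=0038000007 type=traffic subtype=other pri=warning status=deny vd="root" src=10.75.2.29 src_port=138 dst=10.75.3.255 dst_port=138 service=138/udp proto=17 src_int="port1" dst_int="N/A" msg="reverse path check fail, drop"
2012-10-30 10:13:44 log_id=0038000007 type=traffic subtype=other pri=warning status=deny vd="root" src=192.0.2.77 src_port=4021 dst=10.75.3.10 dst_port=22 service=22/tcp proto=6 src_int="port2" dst_int="N/A" msg="reverse path check fail, drop"
2012-10-30 10:13:45 type=traffic subtype=other pri=warning status=deny vd="root" src=10.75.3.5 src_port=51515 dst=10.75.1.1 dst_port=53 service=53/udp proto=17 src_int="port3" dst_int="N/A" msg="N/A"
'''


def parse_line(line):
    """Split one key=value log line into a dict; quoted values may contain spaces."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quote: treat the line as unparseable
        return {}
    # The leading date and time tokens carry no '=' and are skipped.
    return dict(t.split("=", 1) for t in tokens if "=" in t)


def rpf_summary(text):
    """Count RPF drops per (src_int, src, service) so recurring sources stand out."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_line(line)
        if (f.get("type") == "traffic" and f.get("subtype") == "other"
                and f.get("msg") == RPF_MSG):
            key = (f.get("src_int", "?"), f.get("src", "?"), f.get("service", "?"))
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (intf, src, svc), n in rpf_summary(SAMPLE_LOG).most_common():
        print(f"{n:5d}  {intf:8s} {src:15s} {svc}")
```

A source that appears only as directed broadcast traffic on one interface, as in the article's log line, reads differently from an unexpected source address arriving on another interface, which is worth investigating before the log is disabled.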

Related Articles

Technical Note: Details about FortiOS RPF (Reverse Path Forwarding), also called Anti-Spoofing
