Have any members seen this one? We don't utilize Fortinet products. Is this coming from someone who uses this equipment, or have they been compromised? Thanks in advance for any responses!
Here was Meraki Support's response:
It appears the attempt was blocked by Snort, but it doesn't look like this is a known issue, but it appears similar enough to something that is known, hence it was blocked by Snort.
Meraki Support isn't actually able to make changes to the existing security policies as they are provided by a 3rd party. We can, however, bring it to their attention and they are constantly providing security updates. Unfortunately we have to wait for a Meraki Firmware update as the changes are baked into the firmware etc.
Have you tried checking the source and destination?
Yes. Source is an IP in the Netherlands. Destination is my front facing IP.
Sounds like a false positive to me. If you don't use Fortinet products, then I am not sure why you would see this. Perhaps you should contact support and query it.
I will. Thanks Blake!
It could be a correct detection. I've had similar detections on a firewall that is also non-Fortinet and non-Meraki.
The detection is based on network traffic and connection details.
There will be bad actors on the internet spraying CVE attacks at any available targets, even if they don't know the firewall vendor.