Hey,
I was investigating logs coming from a Fortigate firewall, I noticed 4 different firewall actions,( accept / close / client-reset / server-reset), always refers to the same Event ID "Allow Action".
You will find below a screenshots describing the use case.
That's confusing me, can someone please help me and explains to me what does it mean ?
Thank you,
------------------------------
Chawki Ben Salem
Security Operations Center Analyst
------------------------------