achu
Staff
January 8, 2026

Technical Tip: Secondary FortiProxy HA port reaching out to FortiGuard services

Description

This article describes an issue where the HA port of the secondary FortiProxy reaches out to FortiGuard public IP addresses, hits the implicit deny rule, and floods the forward traffic logs. This known issue was first reported in the earlier version 7.2.3 and was resolved in versions v7.2.9 and v7.4.3. The issue reoccurred after upgrading FortiProxy to v7.4.11. The forward traffic logs below show the HA port, with an IP address of 169.254.0.34 (the IP address of the secondary FortiProxy), generating traffic to public IP addresses (173.243.140.16 and 154.52.29.109) that belong to Fortinet.

Scope

FortiProxy.
Solution

date=2025-09-18 time=14:11:59 eventtime=1758179518808448781 tz="+0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=169.254.0.34 srcport=36056 srcintf="port_ha" srcintfrole="undefined" dstip=173.243.140.16 dstport=443 dstintf="VLAN20" dstintfrole="lan" srccountry="Reserved" dstcountry="United States" sessionid=0 proto=6 action="deny" policyid=0 policytype="policy" service="HTTPS" trandisp="noop" duration=0 sentbyte=60 rcvdbyte=0 sentpkt=1 rcvdpkt=0 shapingpolicyid=1 shapingpolicyname="Limit_Bandwidth_All_User_Policy" shapersentname="shared-1M-pipe" shaperdropsentbyte=0 shaperperipname="Limit_Bandwitch_50Mbps" shaperperipdropbyte=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"

 

date=2025-09-18 time=14:11:19 eventtime=1758179478894908902 tz="+0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=169.254.0.34 srcport=21922 srcintf="port_ha" srcintfrole="undefined" dstip=154.52.29.109 dstport=443 dstintf="VLAN20" dstintfrole="lan" srccountry="Reserved" dstcountry="Japan" sessionid=0 proto=6 action="deny" policyid=0 policytype="policy" service="HTTPS" trandisp="noop" duration=60001 sentbyte=60 rcvdbyte=0 sentpkt=1 rcvdpkt=0 shapingpolicyid=1 shapingpolicyname="Limit_Bandwidth_All_User_Policy" shapersentname="shared-1M-pipe" shaperdropsentbyte=0 shaperperipname="Limit_Bandwitch_50Mbps" shaperperipdropbyte=0 appcat="unscanned" crscore=30 craction=131072 crlevel="high"

 

Solution:

The issue has been addressed, and the fix is included in FortiProxy versions 7.2.15 and 7.4.12.

 

Workaround:

Disable logging in the FortiProxy implicit deny policy.

 

config log setting
    set fwpolicy-implicit-log disable
end
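
The workaround switches off logging for the implicit deny policy as a whole, so it is worth checking first what else that policy is catching. The following Python script is an added example, not part of the original article or Fortinet tooling: it parses forward traffic logs in the format shown above and separates the HA-port noise from other implicit denies. The function names are hypothetical, the first two sample lines are abridged from the logs above, and the last two are constructed.

```python
import ipaddress
import re
from collections import Counter

# key=value or key="quoted value" pairs, as in the traffic logs above
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def parse_line(line):
    """Turn one log line into a dict of field -> value (quotes stripped)."""
    return {k: q or u for k, q, u in PAIR.findall(line)}

def is_implicit_deny(rec):
    """Denied forward traffic matched by the implicit policy (policyid=0)."""
    return (rec.get("subtype") == "forward" and rec.get("action") == "deny"
            and rec.get("policyid") == "0")

def is_ha_noise(rec, ha_intf="port_ha"):
    """Implicit deny arriving on the HA port from a link-local source address."""
    try:
        src = ipaddress.ip_address(rec.get("srcip", ""))
    except ValueError:
        return False
    return is_implicit_deny(rec) and rec.get("srcintf") == ha_intf and src in LINK_LOCAL

def triage(lines, ha_intf="port_ha"):
    """Return (Counter of HA-noise destinations, list of other implicit denies)."""
    noise, other = Counter(), []
    for rec in map(parse_line, lines):
        if is_ha_noise(rec, ha_intf):
            noise[rec.get("dstip")] += 1
        elif is_implicit_deny(rec):
            other.append(rec)
    return noise, other

SAMPLE = [  # first two abridged from the logs above; last two constructed
    'subtype="forward" srcip=169.254.0.34 srcintf="port_ha" dstip=173.243.140.16 dstport=443 action="deny" policyid=0',
    'subtype="forward" srcip=169.254.0.34 srcintf="port_ha" dstip=154.52.29.109 dstport=443 action="deny" policyid=0',
    'subtype="forward" srcip=10.0.20.15 srcintf="VLAN20" dstip=192.0.2.10 dstport=23 action="deny" policyid=0',
    'subtype="forward" srcip=10.0.20.15 srcintf="VLAN20" dstip=192.0.2.20 dstport=443 action="accept" policyid=5',
]

if __name__ == "__main__":
    noise, other = triage(SAMPLE)
    print("HA-port noise by destination:", dict(noise))
    print("Other implicit denies that would also stop being logged:")
    for rec in other:
        print(" ", rec["srcip"], "->", rec["dstip"], rec["dstport"])
```

Any entries in the second list are denies that would no longer be logged once `fwpolicy-implicit-log` is disabled, so review them before applying the workaround and re-enable the setting after upgrading to a fixed version.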