Google drive trigger UDP flood
When the application (google drive)upload or sync file, the traffic will trigger the DOS UPD flood as below.
itime=1436345294 dstname=tl-in-f116.1e100.net device_id=FG600B3909601201 log_id=18432 subtype=anomaly type=ips pri=alert policyid=0 serial=0 attack_id=285212772 severity=critical sensor=block_flood src=*.*.*.* dst=64.233.189.116 src_port=56355 dst_port=443 src_int=port4 dst_int=N/A status=clear_session proto=17 service=https user=N/A group=N/A ref=http://www.fortinet.com/ids/VID285212772 count=507 incident_serialno=0 msg="anomaly: udp_flood, 2074 > threshold 2000, repeats 507 times" vd=root identidx=0 attack_name=udp_flood intf_policyid=0 date=2015-07-08 time=16:48:14
itime=1436345279 dstname=tl-in-f116.1e100.net device_id=FG600B3909601201 log_id=18432 subtype=anomaly type=ips pri=alert policyid=0 serial=0 attack_id=285212772 severity=critical sensor=block_flood src=….dst=64.233.189.116 src_port=56355 dst_port=443 src_int=port4 dst_int=N/A status=clear_session proto=17 service=https user=N/A group=N/A ref=http://www.fortinet.com/ids/VID285212772 count=699 incident_serialno=0 msg="anomaly: udp_flood, 2001 > threshold 2000, repeats 699 times" vd=root identidx=0 attack_name=udp_flood intf_policyid=0 date=2015-07-08 time=16:47:59
How to except the similar action?
I find the official configuration suggestion as below link.
How does the fortigate configure the dos sensor to pass the domain name which express include *.
Does the address object support the configuration that FQDN include wildcard.
https://support.google.com/drive/answer/2589954?hl=en&ref_topic=14951