Technical Note: Change of FortiGuard Filtering Port to mitigate Internet link flaps

druksha · ‎06-02-2016

Description

This article clarifies how to mitigate Internet link flaps in certain scenarios.

Solution

Some modems, ComCast for example, are known to drop the network connection or reboot if they receive non-DNS traffic on UDP port 53 which is well known DNS port, but which is also used to connect to the FortiGuard service.

An example of log messages that can be observed in logs on FortiGate is shown below:

date=2099-05-03 time=17:12:50 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=UP msg="Link monitor: Interface wan1 was turned up"
date=2099-05-03 time=17:12:47 logid=0100020099 type=event subtype=system level=information vd="root" logdesc="Interface status changed" action=interface-stat-change status=DOWN msg="Link monitor: Interface wan1 was turned down"

Note that it is not necessary that the Link Monitor feature is configured, this log message will appear in logs each time the physical link is lost.

This cause can be confirmed by connecting a switch between the FortiGate and a modem.

If the switch has logging functionality then the interface facing the FortiGate will be stable while the interface connected to a modem will be flapping.

The workaround is to use port 8888 for FortiGuard. This can be changed from GUI or CLI.

GUI

System > FortiGuard > Filtering

Select 8888 as “FortiGuard Filtering Port”

CLI

config system fortiguard
set port 8888
end

Technical Note: Change of FortiGuard Filtering Port to mitigate Internet link flaps

You are leaving our website