Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Hiromu
Staff
Staff

Created on ‎09-16-2025 12:51 AM Edited on ‎09-16-2025 10:09 PM By Moderator

Article Id 410965

Troubleshooting Tip: Loopback logs appear periodically after an upgrade

Description This article describes the cause of HTTP logs showing the loopback source IP address (127.0.0.1) after an upgrade.
Scope FortiGate v7.2/v7.4/v7.6.
Solution

After an upgrade, the following traffic log may be generated at five-minute intervals.

 

date=YYYY-MM-DD time=00:00:00 devname="FORTINET" devid="FG3H0E5811103124" eventtime=1749394956898473462 tz="+0900" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" srcip=127.0.0.1 srcport=1342 srcintf="root" srcintfrole="undefined" dstip=127.0.0.1 dstport=80 dstintf="root" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=51655692 proto=6 action="close" policyid=0 service="HTTP" trandisp="noop" app="HTTP" duration=2 sentbyte=400 rcvdbyte=670 sentpkt=6 rcvdpkt=4.

 
This behavior is expected and is output by FortiCron, which checks whether the Node.js daemon is running. FortiCron monitors Node.js at regular intervals, and this check generates local traffic that is recorded as a local traffic session.

Log consistency can be confirmed by verifying that the timestamps of the Node.js debug log align with the traffic log.

 

FORTINET # diagnose debug application nodejs -1
FORTINET # diagnose debug enable

 

[node Node API Handler - 1751274021 info] - New GET reqest for "/api/v2/service/health-check/ping" from "127.0.0.1:9064"
[node Node API Handler - 1751274021 info] - User-Agent: "undefined"
[node Node API Handler - 1751274021 info] - Checking request content.
[node Node API Handler - 1751274021 info] - Local Node.JS API request authorized.
[node Node API Handler - 1751274021 info] - endpoint: health-check, action: ping
[node Node API Handler - 1751274021 info] - remoteIpAddress: 127.0.0.1
[node Node API Handler - 1751274021 info] - Completed request for "/api/v2/service/health-check/ping" (HTTP 200).

 

99
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.