Help
FortiProxy
FortiProxy provides enterprise-class protection against internet-borne threats and Advanced Web Content Caching
achu
Staff
Staff

Created on ‎09-19-2025 01:00 AM Edited on ‎09-24-2025 11:36 PM By Community Manager

Article Id 411519

Technical Tip: Strange traffic from IP Address 169.254.0.33 in FortiProxy

Description

This article describes the strange IP Address 169.254.0.33 seen in forward logs in FortiProxy.
Scope FortiProxy.
Solution

From the Sniffer, traffic originating from 169.254.0.33 is displayed.  

 

Cameron-kvm05 (root) # diagnose sniffer packet any  “host 169.254.0.33” 4 0 1

interfaces=[any]

filters=[ host 169.254.0.34]

0.197118 port_ha in 169.254.0.33.64524 - 169.254.0.34.703 syn 623782360

0.197131 port_ha out 169.254.0.34.703 - 169.254.0.33.64524 syn 1203342997 ack 623782361

0.197132 port4 out 169.254.0.34.703 - 169.254.0.33.64524 syn 1203342997 ack 623782361

0.197324 port_ha in 169.254.0.33.64524 - 169.254.0.34.703 ack 1203342998

0.197386 port_ha in 169.254.0.33.64524 - 169.254.0.34.703 psh 623782361 ack 1203342998

0.197387 port_ha in 169.254.0.33.64524 - 169.254.0.34.703 fin 623782438 ack 1203342998

0.197394 port_ha out 169.254.0.34.703 - 169.254.0.33.64524 ack 623782438

0.197395 port4 out 169.254.0.34.703 - 169.254.0.33.64524 ack 623782438

0.197467 port_ha out 169.254.0.34.703 - 169.254.0.33.64524 psh 1203342998 ack 623782439

0.197468 port4 out 169.254.0.34.703 - 169.254.0.33.64524 psh 1203342998 ack 623782439

 

This is an expected behavior as the IP Address 169.254.0.33 is the default IP Address in FortiProxy in HA setup. The HA configuration below shows that port4 is used for the heartbeat. The 'fnsysctl ifconfig' command shows the interface port_ha has assigned a link-local address of 169.254.0.33.

 

config system ha

    set group-name "test"

    set hbdev "port4" 0

    set override disable

end

 

Cameron-kvm05 # fnsysctl ifconfig

lo      Link encap:Local Loopback

        inet addr:127.0.0.1  Mask:255.0.0.0

        UP LOOPBACK RUNNING  MTU:65536  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

port1   Link encap:Ethernet  HWaddr 00:43:61:6D:05:01

        inet addr:10.47.4.26  Bcast:10.47.15.255  Mask:255.255.240.0

        link-local6: fe80::243:61ff:fe6d:501 prefixlen 64

        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

port2   Link encap:Ethernet  HWaddr 00:43:61:6D:05:02

        inet addr:10.50.4.26  Bcast:10.50.15.255  Mask:255.255.240.0

        link-local6: fe80::243:61ff:fe6d:502 prefixlen 64

        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

port3   Link encap:Ethernet  HWaddr 00:43:61:6D:05:03

        link-local6: fe80::243:61ff:fe6d:503 prefixlen 64

        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

port4   Link encap:Ethernet  HWaddr 00:43:61:6D:05:04

        link-local6: fe80::243:61ff:fe6d:504 prefixlen 64

        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

ha-mgmt Link encap:Ethernet  HWaddr FE:FA:DF:C4:46:13

        UP RUNNING NOARP MASTER  MTU:65575  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

ha-vsys Link encap:Ethernet  HWaddr 8E:51:55:13:1D:DE

        UP RUNNING NOARP MASTER  MTU:65575  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

ded-m.root      Link encap:Ethernet  HWaddr 4A:CF:33:24:33:99

        UP RUNNING NOARP MASTER  MTU:65575  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

port_ha Link encap:Ethernet  HWaddr 00:43:61:6D:05:04

        inet addr:169.254.0.33  Bcast:169.254.0.63  Mask:255.255.255.224

        link-local6: fe80::243:61ff:fe6d:504 prefixlen 64

        UP BROADCAST RUNNING MULTICAST  MTU:1496  Metric:1

        RX packets:0 errors:0 dropped:0 overruns:0 frame:0

        TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

        collisions:0 txqueuelen:1000

        RX bytes:0 (0  Bytes)  TX bytes:0 (0  Bytes)

 

Related article:
Technical Tip: FortiProxy sniffer
Labels:
106
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.