Description | This article describes that in FortiSandbox, if a web proxy is configured to reach FortiGuard, sometimes it may send UDP packets (instead of TCP packets) to the web proxy. |
Scope | FortiSandbox. |
Solution |
This is expected behavior to see UDP packets sometimes being sent by FortiSandbox to the web proxy. It is because FortiSandbox uses SOCKS web proxy for web filtering and 'FortiSandbox Community Cloud' (refer to the documentation below).
As described in the SOCK5 RFC section below, the SOCK5 proxy will use UDP packets to the proxy. https://datatracker.ietf.org/doc/html/rfc1928
The document below specifies the TCP and UDP traffic used in the FortiSandbox. Port and access control information
For example, the SOCK5 web proxy is configured in FortiSandbox Web Filtering Settings.
Packet capture showed that FortiSandbox sometimes sends UDP packets to the web proxy.
|
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.