FortiSandbox
mtse
Staff
Article Id 334586
Description This article explains that when FortiSandbox is configured to reach FortiGuard through a web proxy, it may sometimes send UDP packets (instead of TCP packets) to the web proxy.
Scope FortiSandbox.
Solution

Seeing FortiSandbox sometimes send UDP packets to the web proxy is expected behavior. This is because FortiSandbox uses a SOCKS web proxy for web filtering and 'FortiSandbox Community Cloud' (refer to the documentation below).

4.4.6 FortiGuard

 

  • FortiGuard Web Filter Settings.
  • FortiSandbox Community Cloud & Threat Intelligence Settings.

 

As described in the SOCKS5 RFC section below, SOCKS5 proxying will use UDP packets to the proxy.

https://datatracker.ietf.org/doc/html/rfc1928
 '7. Procedure for UDP-based clients'.
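
To check whether UDP datagrams captured on their way to the proxy match the request header defined in RFC 1928 section 7, the payload can be parsed as shown below. This Python is an added example, not Fortinet code; the function names and sample payloads are constructed for illustration.

```python
import ipaddress
import struct

ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04


def parse_socks5_udp(payload: bytes) -> dict:
    """Parse RFC 1928 section 7: RSV(2) FRAG(1) ATYP(1) DST.ADDR DST.PORT(2) DATA."""
    if len(payload) < 4:
        raise ValueError("too short for a SOCKS5 UDP header")
    rsv, frag, atyp = struct.unpack("!HBB", payload[:4])
    if rsv != 0:
        raise ValueError("RSV must be 0x0000")
    pos = 4
    if atyp == ATYP_IPV4:
        alen = 4
    elif atyp == ATYP_IPV6:
        alen = 16
    elif atyp == ATYP_DOMAIN:
        if len(payload) < 5:
            raise ValueError("missing domain length octet")
        alen = payload[4]  # first octet of DST.ADDR is the name length
        pos = 5
    else:
        raise ValueError(f"unknown ATYP {atyp:#04x}")
    if len(payload) < pos + alen + 2:
        raise ValueError("truncated DST.ADDR or DST.PORT")
    raw = payload[pos:pos + alen]
    if atyp == ATYP_DOMAIN:
        addr = raw.decode("ascii", errors="replace")
    else:
        addr = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", payload[pos + alen:pos + alen + 2])
    return {"frag": frag, "atyp": atyp, "dst_addr": addr,
            "dst_port": port, "data": payload[pos + alen + 2:]}


def looks_like_socks5_udp(payload: bytes) -> bool:
    """Heuristic for triage: True if the payload parses as a SOCKS5 UDP datagram."""
    try:
        parse_socks5_udp(payload)
        return True
    except ValueError:
        return False


# Constructed sample payloads (not taken from a real capture).
SAMPLE_IPV4 = bytes.fromhex("00000001c00002350035") + b"query"
SAMPLE_DOMAIN = (b"\x00\x00\x00\x03" + bytes([11]) + b"example.com"
                 + struct.pack("!H", 443) + b"hello")
```

A payload that parses is consistent with SOCKS5 UDP relay traffic rather than proof of it, so correlate the result with the proxy address and port configured in FortiSandbox.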

 

The document below specifies the TCP and UDP traffic used in the FortiSandbox.

Port and access control information

 

For example, the SOCKS5 web proxy is configured in FortiSandbox Web Filtering Settings.

 


 

Packet capture showed that FortiSandbox sometimes sends UDP packets to the web proxy.

 
