Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
joebrug
New Contributor

FG200D with 5.4.4

Over the weekend, I upgraded our FG200D from 5.2.10 to 5.4.4. everything seemed to go fine, except for today, when a user tried to access his Outlook client which uses IMAP to his gmail account. He's getting error messages.. and I'm seeing a "Action Deny: IP connection error" to 172.217.*.* addresses, Application says "QUIC". I'm assuming this is why he's getting errors, has anyone seen similar behavior? the Security Details tab says:

Application Control

Sensor block-streaming
Event Type app-ctrl-all
Message Network.Service: QUIC,
Profile Type applist

 

All the rest of the QUIC logs show Allowed, so not sure why this one line seems to be getting denied. Actually, the details of the log entry show "approved" but it says Deny and the red circle with line through it.

 

General
Date 02/21/2017
Time 16:50:53
Session ID 983831
Virtual Domain root

Source
IP 10.10.20.17
Port 55912
Interface lan
User JWALLACE

Destination
IP 172.217.5.99
Host Name gstaticadssl.l.google.com
Port 443
Interface wan1

Application
Sensor block-streaming
Name QUIC
ID 40169
Category Network.Service
Risk
Protocol udp

Action
Action Deny: IP connection error
Security Action Allowed
Threat 262144
Policy 1
Policy UUID 17771158-960e-51e4-0949-71d5331cd4d5
Policy Type IPv4

Security
Level
App Events 1
Threat Level low
Threat Score 5

1 REPLY 1
joebrug
New Contributor

never mind! Turns out the user disabled Basic Authentication to his google account. Re-enabling that made outlook work right away. Just a coincidence that it happened at same time as firmware upgrade. Sigh ;)

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors