Hi
I am seeing this error on a number of our MacOS clients but I have no idea how to debug where this comes from.
Is there a way to see more information on this?
The clients all connect to an EMS solution - but this just shows a count, a threat ID of 0 and the same message.
Thanks in advance
Hello
When you export FCT logs, you can check the file appfw.log, it may contain further info about the issue.
hmm, not really
20241022 10:21:44.597 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.95:65190
20241022 10:39:23.365 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=209.85.203.138:443
20241022 10:40:10.392 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.25:49030
20241022 12:26:05.687 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=ff02::b:37809
20241022 12:44:51.390 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=10.10.1.25:55193
20241022 13:05:15.357 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=74.125.193.95:443
20241022 13:17:09.149 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.114:50565
The two public IP addresses listed resolve to be Google!
The private addresses are things on the local network - such as an AppleTV device so I can only assume that they are broadcasting or something.
With severity=0 and no obvious issues from the client side, I wonder what the purpose of these errors is.
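One way to triage these `IPS_INFO` entries offline from an exported appfw.log, as an added example that is not part of the original thread and not Fortinet tooling. The field layout is inferred from the lines quoted above, and `parse_line`, `summarize` and the scope labels are hypothetical names.

```python
import ipaddress
import re
from collections import Counter

# Field layout inferred from the lines quoted in this thread (assumption, not a vendor spec).
LINE_RE = re.compile(
    r'^(?P<ts>\d{8} \d{2}:\d{2}:\d{2}\.\d{3}) TZ=[+-]\d{4} '
    r'\[appfw:(?P<level>\w+)\] \S+ IPS_INFO: (?P<kv>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Four of the lines posted in the thread, copied unchanged.
SAMPLE = """\
20241022 10:21:44.597 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=0 dstaddr=10.10.1.95:65190
20241022 10:39:23.365 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=209.85.203.138:443
20241022 12:26:05.687 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=ff02::b:37809
20241022 12:44:51.390 TZ=+0100 [appfw:WARN] ips_utils:531 IPS_INFO: name="Unknown.Application" severity=0 vid=0 app_cat=0 group=application action=Pass(0) flags=8 dstaddr=10.10.1.25:55193
"""

def parse_line(line):
    """Return the fields of one IPS_INFO line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group("kv"))}
    rec["ts"], rec["level"] = m.group("ts"), m.group("level")
    # The port follows the last colon, which also handles IPv6 such as ff02::b:37809.
    host, _, port = rec.get("dstaddr", "").rpartition(":")
    try:
        ip = ipaddress.ip_address(host)
        rec["dst_port"] = int(port)
    except ValueError:
        rec["scope"] = "unparsed"
        return rec
    rec["dst_ip"] = str(ip)
    rec["scope"] = ("multicast" if ip.is_multicast
                    else "private" if ip.is_private else "public")
    return rec

def summarize(lines):
    """Count entries per (scope, destination IP, action, flags)."""
    recs = [r for r in map(parse_line, lines) if r]
    return Counter((r["scope"], r.get("dst_ip", "-"), r.get("action"), r.get("flags"))
                   for r in recs)

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE.splitlines()).items()):
        print(n, *key)
```

Grouping by scope separates local-network and multicast chatter from the public destinations, which are the entries worth resolving and reviewing.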