Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
VincentCheung
FortiGate 20XF after upgrade to 7.6.4 has some mgmt traffic accessing FortiGuard in forward traffic

We have several Fortigate units (30XE and 20XF) that were upgraded from version 7.2.X to 7.6.4. After the upgrade, we noticed some strange traffic behavior.

We have defined a custom management IP and restricted it from accessing the Internet (Deny). However, after the upgrade (7.2.X > 7.6.4), we observed some forward traffic where the source is the management IP and the destination is FortiGuard (which is abnormal).

At the same time, in the local traffic, we can see that the FortiGate’s WAN IP is also connecting to FortiGuard, and that traffic is allowed, which is expected (normal service).

My question is: since this unexpected forward traffic started appearing after the upgrade, could this be a bug in version 7.6.4?

All of our customer’s FortiGate devices that were upgraded (around six units) are experiencing the same behavior.

AEK

  • When you double-click on the log, what is the source interface and destination interface?
  • Is the "Dedicated Management Port" enabled for the mgmt interface?
AEK
VincentCheung

Not sure; just to confirm, we didn't see that kind of situation in version 7.2.X. This is the first time we've seen it, after upgrading to version 7.6.4, and all of the FortiGates that are on version 7.6.4 have this situation.

AEK

We may be able to help if you can provide the requested information.

VincentCheung

Understood, I will capture the related points when I arrive at the client location.

VincentCheung

Hi Sir,

Hope you are doing well; this is the info:

AEK

Hi Vincent

According to the screenshots, the query is leaving the mgmt interface to your network, then entering from the x1 interface and wanting to exit from the port1 interface, but there is no firewall policy to allow this traffic.

So either add a firewall rule for it (src: mgmt_IP, srcintf: x1, dstintf: port1), or simply change the local-out interface for FortiGuard to port1, from the menu Network > Local Out Routing.

funkylicious

Try setting the local-out interface for FortiGuard: https://docs.fortinet.com/document/fortigate/7.6.4/administration-guide/848980/local-out-traffic

"jack of all trades, master of none"
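The two fixes AEK describes above and the local-out setting funkylicious links to, written out as FortiOS CLI (an added example, not from the thread or from Fortinet's documentation). It assumes the interface names visible in the thread (mgmt, x1, port1); "MGMT_HOST" is a placeholder address object standing in for the management IP.

```text
# Option 1 (preferred here): pin FortiGuard local-out traffic to port1, so it
# no longer leaves via mgmt and hairpins back in through x1.
config system fortiguard
    set interface-select-method specify
    set interface "port1"
end

# Verify the setting took effect
show system fortiguard

# Option 2: keep the current local-out path and explicitly permit the
# hairpinned flow (src: mgmt IP, srcintf x1, dstintf port1).
# "MGMT_HOST" is a placeholder address object holding the management IP.
config firewall policy
    edit 0
        set name "mgmt-to-fortiguard"
        set srcintf "x1"
        set dstintf "port1"
        set srcaddr "MGMT_HOST"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Because the original post says the management IP is deliberately denied Internet access, Option 1 is the one that keeps that restriction intact; Option 2 opens a forward path from the management IP that the existing policy was written to block.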
VincentCheung

Hi funky,

I see, I will try this.

HarryTran

Hi @VincentCheung

I would love to reproduce the behavior in the lab; would you share a config file with me via my official email thiep@fortinet.com?

I much appreciate your help!

Regards,

Harry
