Fortigate 20XF after upgrade to 7.6.4 have some mgmt traffic access fortiguard in forward traffic

VincentCheung · ‎10-22-2025

We have several Fortigate units (30XE and 20XF) that were upgraded from version 7.2.X to 7.6.4. After the upgrade, we noticed some strange traffic behavior.

We have defined a custom management IP and restricted it from accessing the Internet(Deny). However, after the upgrade(7.2.X>7.6.4), we observed some forward traffic where the source is the management IP and the destination is FortiGuard (which is abnormal).

At the same time, in the local traffic, we can see that the FortiGate’s WAN IP is also connecting to FortiGuard, and that traffic is allowed — which is expected (normal service)

My question is: since this unexpected forward traffic started appearing after the upgrade, could this be a bug in version 7.6.4?

All of our customer’s FortiGate devices that were upgraded (around six units) are experiencing the same behavior.

VincentCheung · ‎10-22-2025

HI Harry ,

first thanks for your reply , i will try to check with my client if can provide config file .

beside , the situation we see , under 7.6.4 environment , set a Dedicated Management Port , and deny it access internet , Do you see the management ip traffic

in forward traffic ?

source:management IP destination:96.45.45.45 / 96.45.45.46 deny

we have 6 fortigate after upgrade to 7.6.4 do have the same Phenomenon

Fortigate 20XF after upgrade to 7.6.4 have some mgmt traffic access fortiguard in forward traffic

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website