Today we started getting error messages from Google saying they detected "unusual traffic" from our network, and blocking our searches. I've done some research, and will be looking for malware, etc. on the users' PCs, but also want to look at the traffic. We're running a 60C with minimal features running (pretty much UTM only) due to memory issues. I'm going to enable IPS for a while tomorrow to see if anything hits, but wanted to know if anyone has run across this and had any ideas on what to look for in traffic logs (apps, UDP ports, etc.) since Google doesn't give any info on destination addresses, types of traffic, etc. - just "unusual".
Thanks netmin, I had looked at that page, and reported the situation to Google as well. And virus scans this morning came up clean.
But what I was wondering was if there was a particular signature to look for in the FGT logs - addresses, applications, UDP ports, etc. - that would help me narrow down my search for the culprit. Other than just "who has the most outbound traffic".
Seems to be OK today though.
"Unusual traffic" can also mean that someone might've picked your address range to target another system.
Since the attacker is not interested in flooding his/her own system with the answer, the source could be faked for something unrelated.
Check the traffic log also for any "unusual traffic" coming in.
They are mainly referring to web crawlers or robots (like click bots). That was usually http or https traffic to google servers.
I would investigate 24h high or constant session counts from individual PCs (i.e. using FortiView graphs/stats on 5.2.x) or session history graphs first. FortiView does also allow for more drill down.
Unfortunately they don't state in more detail _when_ one gets flagged (invalid/suspicious browser agents, constant query rates or special query types).
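To make the "high or constant session counts from individual PCs" check above concrete, here is an added example (not code from any poster, and not a Fortinet tool) that parses FortiGate-style key=value traffic log lines and, per source IP, counts web sessions and the number of distinct hours of the day in which that host was active. The log lines are constructed for the example; the field names (srcip, dstport, time, sentbyte) follow the FortiGate traffic log convention, and the thresholds are assumptions to be tuned for a real network. A PC used by a person shows a few busy hours; a bot or crawler polling Google shows a flat line across all 24 hours, which is what the second check looks for.

```python
import re
from collections import defaultdict

# Generic key=value tokenizer for FortiGate-style log lines (quoted values allowed).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def fmt(srcip, hh, mm, dstport, service, proto=6):
    """Build one constructed traffic log line; the destination is an assumed Google IP."""
    return (f"date=2015-06-01 time={hh:02d}:{mm:02d}:00 type=traffic subtype=forward "
            f"srcip={srcip} dstip=216.58.211.4 dstport={dstport} proto={proto} "
            f"service={service} sentbyte=900 rcvdbyte=4000 action=accept")


def constructed_sample():
    """Constructed sample log (not a real capture) with three hosts."""
    lines = []
    # 10.0.0.11: a person running a few Google searches during the working day.
    for hh, mm in [(9, 12), (9, 14), (10, 31), (11, 2), (14, 45), (16, 10)]:
        lines.append(fmt("10.0.0.11", hh, mm, 443, "HTTPS"))
    # 10.0.0.42: something polling Google every 15 minutes, around the clock.
    for hh in range(24):
        for mm in (0, 15, 30, 45):
            lines.append(fmt("10.0.0.42", hh, mm, 80, "HTTP"))
    # 10.0.0.7: DNS only; not web traffic, so it is filtered out of the summary.
    lines.append(fmt("10.0.0.7", 12, 0, 53, "DNS", proto=17))
    return lines


def summarize(lines, web_ports=("80", "443")):
    """Per source IP: web session count, set of active hours (HH), bytes sent."""
    stats = defaultdict(lambda: {"sessions": 0, "hours": set(), "sentbyte": 0})
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("dstport") not in web_ports:
            continue
        s = stats[rec["srcip"]]
        s["sessions"] += 1
        s["hours"].add(rec["time"][:2])          # hour-of-day bucket
        s["sentbyte"] += int(rec.get("sentbyte", 0))
    return dict(stats)


def suspicious_hosts(stats, min_sessions=50, min_active_hours=20):
    """Flag hosts with many web sessions or activity spread across nearly every hour.

    Both thresholds are assumed values for the example; tune them to the site.
    Returns a sorted list of (srcip, [reasons]).
    """
    flagged = []
    for ip, s in stats.items():
        reasons = []
        if s["sessions"] >= min_sessions:
            reasons.append(f"{s['sessions']} web sessions")
        if len(s["hours"]) >= min_active_hours:
            reasons.append(f"active in {len(s['hours'])} of 24 hours")
        if reasons:
            flagged.append((ip, reasons))
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarize(constructed_sample())
    for ip, reasons in suspicious_hosts(stats):
        print(ip, "->", "; ".join(reasons))
```

On a real FortiGate the input would be the exported traffic log (or a syslog feed) rather than the constructed lines, and the hour buckets would be taken over a full day, as the poster suggests; the per-host "active hours" count is the part that separates a polling bot from a busy but human user with a large session count.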