Setup = 2 X FortiGate 100D Hardware Appliances (Active Passive) v5.2.8, build 727. NAT Mode.
Hi all,
We are experiencing a strange situation here and I was wondering if anyone had experienced something similar.
We are seeing entries in traffic logs which indicate DNS requests being made to the online FortiNet DNS Servers (208.91.112.53 & 208.91.112.52) from network clients. Nothing unusual there, but the Application Name being returned in the log entries is not DNS as expected, but WhatsApp & WhatsApp_File.Transfer.
Has anyone any suggestion as to why these DNS requests are being mis-classified in this way?
Many thanks,
John P
Not seen this before but you should open a ticket with Support so that the FortiGuard team is notified.
They are Proto=17 or UDP.
I am wondering what the diag traffic for dstport=53 or dnsproxy would show as the return packet. We noticed an issue with my IP Connection Error on DNS when I enabled all session logging on the interfaces.
That is the command. Do a PuTTY session to the firewall. Set the logs to save to desktop. Run it and capture the traffic. See what is going on with it.

diag sniffer packet any 'host xx.xx.xx.xx and port 53' 6

xx.xx.xx.xx can be the workstation, server or WAN port address.
My problem was buying the base 60E unit without the $350 UTM licenses. The engineers at Fortinet did not know that part of each feature can be enabled without the $350 licenses. When I got the right information, I found a solution. Fortinet management does not think it is necessary to break the base license features from the advanced licensed features because everyone spends the extra money on a unit for your home. I bought the $830 unit with 24x7 support for the layer 3 routed ports for my Cisco VIRL virtual lab. I could not justify over $1200 for everything for my home. Fortinet is thinking in terms of selling today, not improving the product for tomorrow. About your problem, that seems like a "we have no clue" answer. I would be curious to see the diag sniffer packet run on your WAN port as host. See what is in the results.
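To measure how widespread the mislabelling described in this thread is, exported traffic log lines can be filtered for UDP/53 flows to the two FortiGuard DNS servers whose application name is not DNS. This is an added example, not code from any poster or from Fortinet; the key=value field names (srcip, dstip, dstport, proto, app) are assumed from the usual FortiOS log export and the sample lines are constructed.

```python
import re
from collections import Counter

# FortiGuard DNS servers named in the original post.
FORTIGUARD_DNS = {"208.91.112.53", "208.91.112.52"}

# Constructed sample lines (not real logs); field names are an assumption.
SAMPLE_LOG = """\
date=2016-09-01 time=10:00:01 srcip=10.0.0.21 dstip=208.91.112.53 dstport=53 proto=17 service="DNS" app="WhatsApp"
date=2016-09-01 time=10:00:02 srcip=10.0.0.21 dstip=208.91.112.52 dstport=53 proto=17 service="DNS" app="WhatsApp_File.Transfer"
date=2016-09-01 time=10:00:03 srcip=10.0.0.34 dstip=208.91.112.53 dstport=53 proto=17 service="DNS" app="DNS"
date=2016-09-01 time=10:00:04 srcip=10.0.0.34 dstip=203.0.113.10 dstport=443 proto=6 service="HTTPS" app="WhatsApp"
date=2016-09-01 time=10:00:05 srcip=10.0.0.21 dstip=208.91.112.53 dstport=53 proto=17 service="DNS" app="WhatsApp"
"""

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Turn one log line into a dict of field name -> value (quotes stripped)."""
    return {key: quoted or bare for key, quoted, bare in PAIR.findall(line)}


def misclassified_dns(lines, servers=FORTIGUARD_DNS):
    """Return parsed entries for UDP/53 flows to `servers` not labelled DNS."""
    hits = []
    for line in lines:
        f = parse_line(line)
        is_dns_flow = (f.get("dstport") == "53" and f.get("proto") == "17"
                       and f.get("dstip") in servers)
        app = f.get("app", "")
        # Entries with no app field carry no classification, so skip them.
        if is_dns_flow and app and app.upper() != "DNS":
            hits.append(f)
    return hits


def summarize(hits):
    """Count mislabelled entries per (client address, application name)."""
    return Counter((f.get("srcip", "?"), f["app"]) for f in hits)


if __name__ == "__main__":
    for (src, app), n in summarize(misclassified_dns(SAMPLE_LOG.splitlines())).most_common():
        print(f"{src} -> UDP/53 labelled {app!r}: {n} entries")
```

A per-client count like this is useful evidence to attach to the support ticket suggested above, alongside the sniffer capture.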