Hi,
I wasn't sure which topic that my question fell into since it's a mix of network routing/HA. I found the following error below (some information is redacted) in my firewall logs. I've done research on what was actually happening on the firewall and determined that the firewall's external port (IP X.X.X.X) was reaching out to fortiguard.com (35.197.51.42). The firewall is running HA and I've found that "HA inter-VDOM link interfaces on the primary unit are assigned IP addresses 169.254.0.65 and 169.254.0.66" (http://kb.fortinet.com/kb...o?externalId=FD32155).
Mar 22 06:48:36 devicevrr date=2018-03-22 time=06:48:36 devname=device1 devid=FG200D1111111111 logid=0100020085 type=event subtype=system level=information vd="root" logdesc="session clash" status="clash" proto=6 msg="session clash" new_status="state=04000200 tuple-num=2 policyid=0 dir=0 act=1 hook=4 169.254.0.65:21978->35.197.51.42:80(X.X.X.X:21978) dir=1 act=2 hook=0 35.197.51.42:80->X.X.X.X:21978(169.254.0.65:21978)" old_status="state=00004200 tuple-num=2 policyid=0 dir=0 act=0 hook=3 X.X.X.X:21978->35.197.51.42:80(0.0.0.0:0) dir=1 act=0 hook=1 35.197.51.42:80->X.X.X.X:21978(0.0.0.0:0)"
I'm wondering why the firewall would have attempted to respond on the HA IP address 169.254.0.65. I wasn't able to find any other log entries which indicated that this was happening. This only was noticed due to the session clash that occurred between the HA IP and the external IP. Any clarification would be appreciated.
Thanks, Dan
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Read this
http://kb.fortinet.com/kb/viewContent.do?externalId=FD32155
is that explicable to your situation?
Ken
PCNSE
NSE
StrongSwan
We saw this traffic specifically destined to FortiGuard so if it works similarly to a FortiAnalyzer then it could be. I'm not sure how I would determine if the FortiGates are running MR7, but we are using HA.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.