Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Created on ‎09-23-2008 08:50 AM

TCP traffic for IP address 1.1.1.1

After the installation of FortiClient version 3.0.595 on my notebook I began to see TCP traffic for the IP address 1.1.1.1. I tried to scan my PC for a possible trojan but I didn' t find anything. Then, looking at the connections list, I discovered that the application FortiProxy.exe seems to be responsible for this traffic. Putting a firewall rule to block it produce a log entry like this: proto=TCP service= status=deny src=192.168.1.10 dst=1.1.1.1 src_port=48246 dst_port=37955 server_app=1 pid=-1 app_name=" " traff_direct=OUT block_count=1 logon_user= msg=" blocked traffic" with the src_port and dst_port changing all the time. As this behavior is very peculiar I' d like to know if some has seen something similar. Thank you!
1728
0 Kudos
4 REPLIES 4
abelio
SuperUser
SuperUser

Created on ‎09-23-2008 09:11 AM

Yes, that traffic to 1.1.1.1 port 80 are generated by FC internal http proxy tests, it never reach the physical network; if you use kaspersky antivirus your Fortiproxy will do some tests and finally disable itself if those tests fail; I asked support for that and they told that those should be not a problem.

regards




/ Abel

regards / Abel
1548
0 Kudos
Not applicable

Created on ‎09-25-2008 11:39 PM

Thank you for your answer! In my case I saw that that traffic actually reach the physical network but the forticlient firewall is able to stop it. Even if I didn' t put a specific rule to stop it, it seems to last forever and it' s not only for port 80 but also for high ports. For me it is a problem because I cannot keep the firewall log enabled and because I often use a network monitor application for development purposes I will try if there is a way to disable these fortiproxy tests...
1548
0 Kudos
vanc
New Contributor II

Created on ‎09-27-2008 11:50 PM

Proxy self test can be disabled in build 3.0.599 (MR7 patch-1). It also fixed the packet leakage. If you can wait for a bit more time, patch-2 will be out next week. You can try it.
1548
0 Kudos
Not applicable

Created on ‎09-28-2008 02:25 AM

Great, thank you! I will keep the filter until the patch solve the problem. I' m also happy to know that it was really a small problem related to the forticlient and not a trojan... Regards.
1548
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.