Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Traffic from FW to udp port 8888

Does anyone know why my Fortinet 100 is generating traffic from its external interface IP to several internet addresses at udp port 8888? I' m seeing between 6 and eight concurrent sessions all the time. I' m running 2.80 MR6 Thanks, Andrew
3 REPLIES 3
Alex_Libenson
New Contributor

8888 is FortiGuard web filtering and 8889 is FortiShield spam filtering. Do you have FortiGuard enabled?

Yup ... that might do it. Funny thing is that I' ve actually turned off the category block rules (ie allow all) in the protection profile yet it' s still generating the traffic. If it doesn' t need to check a url then why would it still be generating connections? Not a big deal ... just wondering.
wellington
New Contributor

If you have FortiGuard enabled web filter -> category block -> enable service then it starts to monitor the fortiguard servers around the world for the best/closest/fastest it' s probably this monitoring that you are seeing. The monitor is probably not checking whether the service is turned on in a profile but is building a list of servers for when you do have a profile that uses fortiguard. If you uncheck ' enable service' the packets should stop. Of course if they don' t then my idea is invalid!
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors