jmlux
New Contributor III

strange DNS traffic

Hello all,

We have noticed non-DNS traffic on port 53 from the Fortigate to the Internet (because we have another firewall between the Fortigate and the Internet ;) )

1.2.3.4 1798 208.91.112.196 53 udp flow from InternetTransit:1.2.3.4/1798 to Internet:208.91.112.196/53 terminated by inspection engine, reason - inspector disconnected, dropped packet.

Wireshark shows this:

What is that??

jmlux
New Contributor III

localhost wrote:

I agree with ede_pfau.

Do you have a webfilter enabled on a firewall policy?

FG does a FortiGuard lookup, to get the categories for the websites you are visiting.

As I said it's the antivirus for some reason.

There is no web filter active here.

Even if there is no activity, there is this constant UDP stream if antivirus is enabled in a policy.

If you look at the stream it's like some counters counting down, but to what?
