I have an FG1500D bundle configured for a University.
Almost the entire traffic of the University and also the campus is passing through it.
Routing and policies are working correctly, but I had an issue and maybe you can help me in debugging it.
So, after a few days of normal traffic, suddenly connection to some Google servers was blocked and I saw lots of "Failed connection attempts" messages.
Other sites and traffic were working just fine, only the connection to those servers was blocked. Actually Google wasn't working.
The security profiles for the traffic contain AV in monitoring mode, IPS sensor with all signatures and default action. Nothing special in the rest.
Attached are some images with Failed Connection Attempts messages.
I disabled the security profiles - the problem was still there.
I rebooted the equipment, the connection was still blocked for about half an hour.
After half an hour, the connection to Google was working but it was resolving in a different class of IPs.
Next day, Google was working again, and it was again resolving in the previous IPs, when the problem appeared.
The idea is that the traffic was blocked for all users behind the FortiGate. For other users in the network, which do not pass traffic through FortiGate, the problem never appeared.
And another pic attached.
No one? No idea?
Hello Bobby Yo
I am detecting the same issue here with an FG200D (v5.6.4 build1575 (GA)).
Did you find the cause of the errors?
The message is quite often a "false positive" and can be disabled (Off) under Log & Report > Threat Weight > Packet Based Inspection > Failed Connection Attempts.
This may appear due to a wrong DNS query or an unreachable IP host.
I had the same issue with my Fortigate FTG61, but the problem disappeared after a few days, I did not do anything.
But yesterday, another FTG60 has the same problem, and I tried everything you mentioned, without success so far. :(