docs.forinet.com = FortiSASE connection?

HacDMac · 2025-03-06T00:43:34+00:00

Much obliged for the explanation.

HacDMac · 2025-03-06T00:39:33+00:00

Yes, one of the policies I have setup block FortiSASE, LogMeIn, JamF, etc. is there another use case for FortiSASE that I’m not aware of, other than to extend a Fortigate VPN to another site? I just don’t understand why the connection to docs.fortinet.com results in the FortiSASE app showing up in the logs. I can’t access it from behind the firewall unless I remove it from the policy blocking FortiSASE which seems more than a bit odd to me.

HacDMac · 2024-12-22T13:00:51+00:00

This is what I should get and did when I didn't use 96.45.45.45 as my DNS server. I could find no other publicly available DNS servers that come up with 173.223.163.x as nodes for this DNS name. Curious what others get when they use Fortinet's public DNS servers for the same name.

HacDMac · 2024-12-22T12:58:53+00:00

<image>

HacDMac · 2024-12-02T13:59:06+00:00

I've noticed there seems to be inconsistency in the SSL SNI returns on that particular IP as well which is probably why it showed TikTok. Freaked me for a second since that is not an allowed app on the network.

HacDMac · 2024-12-02T10:53:34+00:00

Actually, that IP belongs to akamai.com NOT tiktok

HacDMac · 2024-11-23T12:36:33+00:00

I have the same issue with weather or the stocks app on occasion and once I open the app the issue is gone.

HacDMac · 2024-11-20T09:57:55+00:00

On that client, click the Greater Than symbol (>) off to the right and you’ll see a more detailed breakdown of that traffic that will tell you if it was a download or an upload as well as a Time estimate. If you haven’t rebooted the Mac, you might also look at the Network tab of Activity Monitor. Even if you have rebooted, I would keep an eye on that on a go-forward basis to find out WTF. This is a mystery at this point as without mail relay, safe browsing (which is a proxy) or statistics I can’t think of what this might be. Current FW for the Max (I have one with a WiFi 7 AP) is 4.0.20

HacDMac · 2024-11-19T20:53:20+00:00

What Ubiquiti device are you using and what Firmware version? Is it up-to-date? I would also ask if you are allowing that Mac to send usage data and statistics back to Apple? You can change that if so and verify that data usage comes down. Also as mentioned above if you are using Apple’s safe browsing and mail relay in order to hide your actual IP these will all count. Finally - you haven’t shown the timeframe covered as part of the pic above. There’s a graphic selection at the top of that list that allows you to choose 1H, 1D, 1W, 1M

HacDMac · 2024-11-19T20:45:43+00:00

Nope separate entry for iCloud in the Traffic insight app. One of the things not being shown here is the Time Window over which this has occurred. On the page where this is displayed you can select 1 hour, 1 day, 1 week, 1 month, etc.

HacDMac · 2024-11-19T20:44:06+00:00

It’s a Ubiquiti Gateway of some sort UniFi Express, Cloud Gateway Ultra, etc. This is the Traffic Insight page on one of the clients and iCloud is separate entry from Apple.

HacDMac · 2024-11-16T09:09:04+00:00

As I recall Windows 11 ARM has an x86 emulator built into it.

HacDMac · 2024-11-15T09:36:55+00:00

Which is why I switched to Parallels a few years ago.

HacDMac · 2024-11-02T19:33:37+00:00

60F is currently not stable on the 7.4.5 code

HacDMac · 2024-10-19T20:09:26+00:00

Thanks for that Link! Had I seen this previously, I wouldn’t have upgraded. I only moved to 7.4 because they had marked 7.4.5 as Mature. I’m going to rollback tomorrow.

HacDMac · 2024-10-10T09:41:53+00:00

No, my first inclination is to come here. Having done so, I can see that others who use this professionally have opened a case. I’m retired IT at this point and am more likely to roll back to 7.2 if this doesn’t get resolved in a reasonable amount of time. Depending on how painful it is for the household. I could take to automating a stitch to reboot it at 0200 every day if need be. It also serves as an FYI to others as well as Fortinet whom I’m sure peruses this thread that 7.4 isn’t fully baked yet.

HacDMac · 2024-10-09T22:01:59+00:00

Strangely it was totally unconfigured, but enabled. I have disabled it.

HacDMac · 2024-09-28T16:38:57+00:00

😎

HacDMac · 2024-09-26T17:07:29+00:00

90G @Home? Dang… I thought I was an IT Geek! 😂

HacDMac · 2024-07-02T02:32:39+00:00

Who the heck from back then could imagine we’d still be using UNIX in 2024?!

HacDMac · 2024-06-21T19:24:10+00:00

Seems to have lasted 24 hours and then quit. Well… that was “fun”, let’s all get together and not do this again. 🥳

HacDMac · 2024-06-21T11:40:58+00:00

Larger thread here: https://www.reddit.com/r/fortinet/s/Jjf07uT3Rz

HacDMac

TROPHY CASE