dauger
New Contributor

Responding on HA IP address

Hi,

 

I wasn't sure which topic my question fell into since it's a mix of network routing/HA. I found the following error below (some information is redacted) in my firewall logs. I've done research on what was actually happening on the firewall and determined that the firewall's external port (IP X.X.X.X) was reaching out to fortiguard.com (35.197.51.42). The firewall is running HA and I've found that "HA inter-VDOM link interfaces on the primary unit are assigned IP addresses 169.254.0.65 and 169.254.0.66" (http://kb.fortinet.com/kb...o?externalId=FD32155).

Mar 22 06:48:36 devicevrr date=2018-03-22 time=06:48:36 devname=device1 devid=FG200D1111111111 logid=0100020085 type=event subtype=system level=information vd="root" logdesc="session clash" status="clash" proto=6 msg="session clash" new_status="state=04000200 tuple-num=2 policyid=0 dir=0 act=1 hook=4 169.254.0.65:21978->35.197.51.42:80(X.X.X.X:21978) dir=1 act=2 hook=0 35.197.51.42:80->X.X.X.X:21978(169.254.0.65:21978)" old_status="state=00004200 tuple-num=2 policyid=0 dir=0 act=0 hook=3 X.X.X.X:21978->35.197.51.42:80(0.0.0.0:0) dir=1 act=0 hook=1 35.197.51.42:80->X.X.X.X:21978(0.0.0.0:0)"

I'm wondering why the firewall would have attempted to respond on the HA IP address 169.254.0.65. I wasn't able to find any other log entries which indicated that this was happening. This only was noticed due to the session clash that occurred between the HA IP and the external IP. Any clarification would be appreciated.

 

Thanks, Dan
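
An added example, not part of the original post and not Fortinet code: a small Python parser for the session clash event quoted above that extracts the per-direction tuples from new_status and old_status and reports every endpoint in 169.254.0.0/16. The sample line is constructed from the post, with the documentation address 198.51.100.10 substituted for the redacted X.X.X.X; the key name `alt` for the parenthesised address is a label chosen here.

```python
import ipaddress
import re
import shlex

# Constructed sample: the event from the post, syslog prefix dropped and the
# redacted X.X.X.X replaced by the documentation address 198.51.100.10.
SAMPLE = (
    'date=2018-03-22 time=06:48:36 devname=device1 devid=FG200D1111111111 '
    'logid=0100020085 type=event subtype=system level=information vd="root" '
    'logdesc="session clash" status="clash" proto=6 msg="session clash" '
    'new_status="state=04000200 tuple-num=2 policyid=0 dir=0 act=1 hook=4 '
    '169.254.0.65:21978->35.197.51.42:80(198.51.100.10:21978) dir=1 act=2 hook=0 '
    '35.197.51.42:80->198.51.100.10:21978(169.254.0.65:21978)" '
    'old_status="state=00004200 tuple-num=2 policyid=0 dir=0 act=0 hook=3 '
    '198.51.100.10:21978->35.197.51.42:80(0.0.0.0:0) dir=1 act=0 hook=1 '
    '35.197.51.42:80->198.51.100.10:21978(0.0.0.0:0)"'
)

# "alt" below is the address in parentheses; that name is an assumption here.
TUPLE = re.compile(
    r'dir=(\d+) act=(\d+) hook=(\d+) '
    r'([\d.]+):(\d+)->([\d.]+):(\d+)\(([\d.]+):(\d+)\)'
)
LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")

def parse_event(line):
    """Split key=value pairs (quoted values kept whole) into a dict."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def parse_tuples(status):
    """Return the per-direction tuples inside a new_status/old_status value."""
    return [{"dir": int(d), "act": int(a), "hook": int(h),
             "src": (s, int(sp)), "dst": (t, int(tp)), "alt": (x, int(xp))}
            for d, a, h, s, sp, t, tp, x, xp in TUPLE.findall(status)]

def link_local_endpoints(event):
    """List (field, dir, role, ip) for every 169.254.0.0/16 address in a clash."""
    hits = []
    for field in ("new_status", "old_status"):
        for t in parse_tuples(event.get(field, "")):
            for role in ("src", "dst", "alt"):
                ip = t[role][0]
                if ipaddress.ip_address(ip) in LINK_LOCAL:
                    hits.append((field, t["dir"], role, ip))
    return hits

if __name__ == "__main__":
    ev = parse_event(SAMPLE)
    for hit in link_local_endpoints(ev):
        print(ev["logid"], *hit)
```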

emnoc
Esteemed Contributor III

Read this

 

http://kb.fortinet.com/kb/viewContent.do?externalId=FD32155

 

Is that explicable to your situation?

 

Ken

 

PCNSE 

NSE 

StrongSwan  

dauger
New Contributor

We saw this traffic specifically destined to FortiGuard so if it works similarly to a FortiAnalyzer then it could be. I'm not sure how I would determine if the FortiGates are running MR7, but we are using HA.
