Re: Has anyone spotted any issues with internet service database (ISD) in 6.2.2
Cut / paste from Fortinet support:
The root cause is that ISDB uses 3 parameters (protocol, port and IP address) to identify a service. In most cases, it is correct. Unfortunately, it is not true for the Office365 case as a source.
As TCP traffic usually selects a random port as source port. So, we just ignore the port when identifying an Internet service as source. As an example, the traffic is simplified to <6, 0, 22.214.171.124> from <6, 38045, 126.96.36.199>. In the ISDB, this <6, 188.8.131.52> matches another internet service 327880. So, the traffic is getting recognized as 327880. Therefore, we are having an unmatched case.