FortiClient blockes 1PW because of Ostrich.VPN

kalanthes
kalanthes
Community Member
edited April 15 in Windows

Our work PC is using FortiClient which blocks 1PW.
This notification is triggered several times a day.


Is there a way to disable the VPN connection in 1PW?
For what is this connection used? Sync of the vaults?


1Password Version: 8.10.28
Extension Version: Not Provided
OS Version: Win 10 Enterprise Edition, 64-bit (build 19045)
Browser: Not Provided

[Removed screenshot at customer’s request -Ali H]

Comments

  • Dave_1P
    edited April 15

    Hello @kalanthes! 👋

    Thank you for reaching out. At a first glance, this looks like FortiClient might be misidentifying and mislabeling traffic. The team would like to investigate this further and request some logs from your end so that we can get to the bottom of this. Please send an email to support+forum@1Password.com and include a link to this thread.

    After emailing in, you'll receive a reply from BitBot, our friendly robot assistant with a Support ID that looks something like [#ABC-12345-678]. Post that here, and I'll be able to locate your message and make sure it's gotten to the right place. 🙂

    -Dave

  • kalanthes
    kalanthes
    Community Member

    Hi Dave,

    thanks for the fast reply.
    Here is the support ticket ID: KEW-33282-826.
    Just tell me what information or logs you need and I will gather everything

  • Dave_1P
    edited April 15

    @kalanthes

    Thank you for posting the Support ID, I see that my colleague just sent you a reply with details about the logs that we'd like to see. Please continue the conversation over email.

    -Dave

    ref: KEW-33282-826

  • ImNotAnOstrich
    ImNotAnOstrich
    Community Member

    Hello,

    I have been contacted by the service desk of my employer for the same reason:

    Description: High Number of App "Ostrich.VPN" blocked from Single Source
    1Password.exe established connection with 104.17.175.230:443 (api.pwnedpasswords.com)
    1Password.exe has initiated a TLS connection to https://api.pwnedpasswords.com

    Why is 1Password mistaken for Ostrich VPN and how can I prevent this from happening?

  • @ImNotAnOstrich

    Thank you for reaching out, the team is still collecting information about the issue from customers who report running into this. Please send an email to support+forum@1Password.com and include a link to this thread.

    After sending in the email, you'll receive an auto-reply with a Support ID that looks like this: [#ABC-12345-678]. Post that here and I'll be able to locate your email and provide you with instructions on how to send in logs so that we can investigate this further.

    -Dave

  • ImNotAnOstrich
    ImNotAnOstrich
    Community Member

    I'd like to update any interested party who runs into the same problem on the current situation:

    After stating my problem to the 1Password support team, I received an email two days later, basically telling me to contact Fortinet support by myself to sort this issue out. Please find below the email I've sent as reply:

    Hi,

    To be very honest: I'm very surprised about Fortinet's stance and even more surprised, in a very disappointed way, about your (1Password's) stance on this matter as well.

    After as long as two days, you are relaying the pushback from Fortinet to the customer, on an issue that is obviously not a singular occurrence as can be seen on the support forum instead of insisting with Fortinet to follow up on this situation.

    Let me be clear: I will definitely not approach Fortinet about this as (most probably) I have to involve my employer's service desk and support teams for product versions, release numbers, etc. which will not be welcomed warmly by these teams, and rightfully so.
    Instead, I'd rather look into alternative password managers with a more helpful posture on their customer's issue when the next renewal of my license comes around since I can't use it on my work PC anymore and that's at least half of my use case.

    Best regards

  • ImNotAnOstrich
    ImNotAnOstrich
    Community Member
    edited May 1

    What I forgot to mention:

    I haven't even been provided with any communication channel with Fortinet or a reference ticket number, so I wouldn't even know how to contact them and whether or not this issue has been at all discussed with Fortinet.

  • Hey @ImNotAnOstrich, I've followed up with you via email but I'll provide the update here as well: While discussing the issue with Fortinet, they attempted to reproduce in their own environment but were unable to do so.

    At that point, they requested that affected customer's contact them directly as they are looking to collect some additional information for analysis. There are various details regarding the firewall setup and other information that we're unable to provide, and would need to come from the customer's directly.

    I hope that clarifies things further. If you'd like a ticket reference number I'll be happy to provide that and any additional details over email.

    Ali

  • Hi folks, I've received an update from Fortinet regarding this issue. They noted that they've made signature improvements that are currently in beta testing, which should prevent these notifications from occurring.

    While they didn't specify a timeline for official release, they mentioned the changes should be out soon in an upcoming update.