I’m using the same Application policy I was in v17 but with EAP2, I have seven of these entries over the past two day:
2019-11-29 06:33:18Application filtermessageid="17051" log_type="Content Filtering" log_component="Application" log_subtype="Denied" fw_rule_id="7" user="" user_group="" appfilter_policy_id="9" category="Proxy and Tunnel" app_name="Manual Proxy Surfing" app_risk="0" app_technology="" app_category="" src_ip="172.16.16.20" src_country="R1" dst_ip="17.253.27.202" dst_country="USA" protocol="TCP" src_port="65471" dst_port="80" bytes_sent="0" bytes_received="0" status="" message="" appresolvedby="Signature"
The source IP is an Apple AirPort Time Capsule and the destination IP appears to be an Apple server.