Hello,
we have some strange behavior here with a policy. Its really a simple setup with just one policy pointing from LAN to Internet.
The problem here is that sometimes the policy blocks the traffic and sometimes not. Its like a random choice if the firewall let passtrough the traffic or not. There are no filters set for this policy so it should behave like a router. There is no active subscription on the Fortigate.
This error message appears when the traffic is blocked (can be any traffic type, message is same, in this case simple ping):
------------------------------------
Application
Application Name PING
Category unscanned
Protocol icmp
Service PING
Data
Received Bytes 0 B
Sent Bytes 0 B
Sent Packets 0
Sent Shaper Bytes Dropped 0 B
Action
Action Deny: policy violation
Threat 131072
Policy 18
Policy UUID 03bfb666-ffd0-51e9-27ac-5cac18848f72
Policy Type policy
Per-IP Shaper Name PerIP-Max-2000
Sent Shaper Name MAX-6000
When the traffic passes trough, this message is logged:
------------------------------------
Application
Application Name PING
Category unscanned
Protocol icmp
Service PING
Data
Received Bytes 168 B
Received Packets 2
Sent Bytes 168 B
Sent Packets 2
Sent Shaper Bytes Dropped 0 B
Action
Action Accept
Policy 18
Policy UUID 5efcee64-ffd4-51e9-311f-7624f2d29967
Policy Type policy
Per-IP Shaper Name PerIP-Max-2000
Sent Shaper Name MAX-6000
Anyone any idea on this? If nothing helps we will format the fortigate and configure from scratch.
Thanks a lot
No comments:
Post a Comment