FortiGate
ereddy
Staff
Article Id 193879
Description
This article describes the reasons why policy lookup is not happening correctly.

Solution
Some of the reasons why policy lookup from the GUI does not work correctly are:

1) Wrong source and destination interface given in the policy.
Verify this with the routing and sniffer commands below.

- Check the routes of both source and destination with the command below:
# get router info routing-table details 0.0.0.0
- Sniff the traffic on FortiGate to find the incoming interface of the traffic flow:

# diag sniffer packet any "host x.x.x.x" 4 0 l      <----- x.x.x.x being the IP address.
2) In most cases there is a policy route in place for the same traffic the customer is looking up, due to which the traffic hits a different policy or the implicit policy.

So it is suggested to check policy-based routing (PBR) before running the policy lookup from the GUI.
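
To compare the sniffer capture from step 1 with the interfaces set in a policy, the following Python helper (an added example, not Fortinet code) extracts the ingress and egress interface of a flow and reports where the policy disagrees. The sample capture is constructed, the line layout of the verbosity 4 output is an assumption stated in the comments, and the policy dictionary is a hypothetical stand-in for the policy's `srcintf` and `dstintf` values.

```python
import re

# Constructed sample of "diag sniffer packet any ... 4 0 l" output. Assumed layout:
# "<timestamp> <interface> <in|out> <src>[.<port>] -> <dst>[.<port>]: <summary>"
SAMPLE = """\
2024-01-10 09:15:01.102233 port3 in 10.10.10.5.51514 -> 203.0.113.20.443: syn 1730421
2024-01-10 09:15:01.102410 wan2 out 198.51.100.2.51514 -> 203.0.113.20.443: syn 1730421
2024-01-10 09:15:01.131877 wan2 in 203.0.113.20.443 -> 198.51.100.2.51514: syn 99120 ack 1730422
2024-01-10 09:15:01.131990 port3 out 203.0.113.20.443 -> 10.10.10.5.51514: syn 99120 ack 1730422
"""

LINE = re.compile(
    r"^(?:\d{4}-\d\d-\d\d )?[\d:.]+ (?P<intf>\S+) (?P<dir>in|out) "
    r"(?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? -> "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?:"
)

def parse(text):
    """Yield one dict per recognised sniffer line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield m.groupdict()

def flow_interfaces(text, client_ip):
    """Return (ingress, egress) interface names for the first flow from client_ip.

    Egress is matched on destination only, because source NAT may rewrite
    the source address before the packet leaves the firewall.
    """
    ingress = egress = first = None
    for pkt in parse(text):
        if first is None:
            if pkt["dir"] == "in" and pkt["src"] == client_ip:
                first, ingress = pkt, pkt["intf"]
        elif (pkt["dir"] == "out" and pkt["dst"] == first["dst"]
              and pkt["dport"] == first["dport"]):
            egress = pkt["intf"]
            break
    return ingress, egress

def check_policy(policy, ingress, egress):
    """List the policy interface fields that do not match the observed path."""
    observed = {"srcintf": ingress, "dstintf": egress}
    return [f"{k}: policy has {policy[k]}, traffic uses {v}"
            for k, v in observed.items() if policy[k] != v]

if __name__ == "__main__":
    ing, eg = flow_interfaces(SAMPLE, "10.10.10.5")
    for problem in check_policy({"srcintf": "port3", "dstintf": "wan1"}, ing, eg):
        print("MISMATCH", problem)
```

An egress interface that differs from the one the routing table suggests is the symptom described in point 2, so a `dstintf` mismatch here is a cue to check PBR.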
