ereddy
Staff
November 23, 2020

Technical Tip: Why policy lookup is not happening correctly

Description
This article describes the reasons why policy lookup is not happening correctly.

Solution
A few of the reasons why policy lookup from the GUI does not happen correctly are:

1) Wrong source and destination interface given in the policy.
Verify this with the routing and sniffer commands below.

- Check the routes of both the source and the destination with the command below:
# get router info routing-table details 0.0.0.0
- Sniff the traffic on the FortiGate to identify the incoming interface of the traffic flow:
# diag sniffer packet any "host x.x.x.x" 4 0 l      <----- x.x.x.x being the IP address.
2) In most cases, there could be a policy route in place for the same traffic the customer is looking for, due to which the traffic will hit a different policy or the implicit policy.

It is therefore suggested to check the policy routes (PBR) before using the policy lookup from the GUI.
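
The interface check from step 1 can be run against saved sniffer output, as in the added example below, which is not part of the original article and is not Fortinet code. The capture is constructed, the verbosity-4 line layout (timestamp, interface, in/out, source -> destination) is an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample of `diag sniffer packet any "host 10.1.1.10" 4 0 l` output.
# Assumed layout: <timestamp> <interface> <in|out> <src> -> <dst>: <summary>
SAMPLE = """\
interfaces=[any]
filters=[host 10.1.1.10]
2020-11-23 10:15:01.100200 port2 in 10.1.1.10.51514 -> 203.0.113.5.443: syn 1552301
2020-11-23 10:15:01.100310 wan2 out 198.51.100.2.51514 -> 203.0.113.5.443: syn 1552301
2020-11-23 10:15:01.131007 wan2 in 203.0.113.5.443 -> 198.51.100.2.51514: syn 99120 ack 1552302
2020-11-23 10:15:01.131090 port2 out 203.0.113.5.443 -> 10.1.1.10.51514: syn 99120 ack 1552302
"""

LINE = re.compile(r"(?P<ifname>\S+) (?P<dir>in|out) (?P<src>\S+) -> (?P<dst>[^\s:]+):")

def host(addr):
    """Drop a trailing .port from an IPv4 'a.b.c.d.port' endpoint."""
    return ".".join(addr.split(".")[:4])

def observed_interfaces(sniffer_text, src_ip):
    """Return (ingress, egress) for the first packet sent by src_ip; None where not seen."""
    ingress = egress = dst = None
    for line in sniffer_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # header lines such as interfaces=[any]
        if ingress is None:
            if m["dir"] == "in" and host(m["src"]) == src_ip:
                ingress, dst = m["ifname"], m["dst"]
        elif m["dir"] == "out" and m["dst"] == dst:
            egress = m["ifname"]  # source may be NATed here, so match on destination
            break
    return ingress, egress

def check_policy_interfaces(sniffer_text, src_ip, policy_src_if, policy_dst_if):
    """Compare the interfaces set in the expected policy with those seen on the wire."""
    ingress, egress = observed_interfaces(sniffer_text, src_ip)
    problems = []
    if ingress is None:
        problems.append(f"no inbound packet from {src_ip} captured")
    elif ingress != policy_src_if:
        problems.append(f"source interface: policy has {policy_src_if}, traffic arrives on {ingress}")
    if egress is not None and egress != policy_dst_if:
        problems.append(f"destination interface: policy has {policy_dst_if}, traffic leaves on {egress}")
    return problems

if __name__ == "__main__":
    print(check_policy_interfaces(SAMPLE, "10.1.1.10", "port2", "wan1"))
```

If the egress interface reported here differs from the one the routing table shows for the destination, that is a cue to check for a policy route as described in point 2.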