Skip to main content
adem_netsys
adem_netsys
Explorer III
December 22, 2024
Question

Active/Deactive Rule Issue

  • December 22, 2024
  • 2 replies
  • 774 views

Hi guys,

 

In an environment with 7.1.5 Enterprise, the incident continues to trigger after disabling some rules. Have we hit a bug before, has anyone encountered this situation before?

    2 replies

    adem_netsys
    adem_netsysAuthor
    Explorer III
    January 3, 2025

    We switched to version 7.2.4 and we encountered the same situation again, the rule we closed is triggered again and we need to make it active/disable again. I would like to hear your experiences.

    Secusaurus
    Secusaurus
    Contributor III
    January 3, 2025

    Hi @adem_netsys,

     

    Do you experience this behavior after an upgrade? Meaning: Rules that were disabled before the upgrade seem now enabled?

    This might be connected to a known issue and resolved in current versions. You will need to enable and disable the rules again on the GUI, but then it should not happen again.

     

    Or is it not related to an upgrade and rules will still be active although you just disabled them?

    In that case, check

    - if there are sync errors for the rules

    - if some time has passed already (these changes might not be applied to running processes, but after some time)

    - when looking at the incident, is the rule really the one that is disabled?

     

    If everything looks correct from here, TAC should have a look at that.

     

    Best,

    Christian

    NSE8 | Fortinet Advanced MSSP Partner
    Terms & ConditionsAccessibility statement