TopJimmy
New Member
December 3, 2012
Question

"Denied by forward policy check"

Has anybody run into this before? I've actually got a policy in place and it shows an increase in "count" but I can't get traffic to pass. I've looked at the KB article related to it and still can't figure out why traffic is denied. The logs show policy 0, which is the implicit deny rule.

    id=36871 trace_id=1204 func=resolve_ip_tuple_fast line=3769 msg="vd-root received a packet(proto=6, 172.16.50.231:53040->74.125.224.85:443) from ssl.root." t."
    id=36871 trace_id=1204 func=resolve_ip_tuple line=3909 msg="allocate a new session-000b12e0"
    id=36871 trace_id=1204 func=vf_ip4_route_input line=1591 msg="find a route: gw-74.125.224.85 via ssl.root"
    id=36871 trace_id=1204 func=fw_forward_handler line=430 msg="Denied by forward policy check"

    5 replies

    rwpatterson
    New Member
    December 3, 2012
    Check below: http://support.fortinet.com/forum/tm.asp?m=91501&p=1&tmode=1&smode=1
    TopJimmy (Author)
    New Member
    December 4, 2012
    Already did that and still no go. Like I said, I have a policy so the article doesn't help. I even deleted it and re-created it and that didn't help. Looks like I'll create a ticket with Fortinet.
    emnoc
    New Member
    December 4, 2012
    You're being dropped for one of two reasons: fwpolicy or lack of a static route for ssl. Try to add a static entry for the SSL_VPN pool members:

        config router static
            edit 5
                set device "ssl.root"
                set distance 100
                set dst x.x.x.x 255.255.255.255
            next
        end

    And re-test.
    TopJimmy (Author)
    New Member
    December 4, 2012
    Thanks emnoc! It was the route. I had the route 0.0.0.0/0.0.0.0 to the ssl.root and once I created a route for the IP's I'm using for the tunnel, everything started working.
    emnoc
    New Member
    December 4, 2012
    Cool.... been burnt myself numerous times by that :)
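
Added example, not part of any post in this thread: a small Python parser for debug flow lines in the format quoted in the question. It groups messages by trace_id and, for each trace that ends in "Denied by forward policy check", reports the tuple, the ingress interface and the interface chosen by the route lookup. The sample lines are constructed from the question's trace; trace 1205 and the interface name "internal" are invented for contrast.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the debug flow lines quoted in the question.
# Trace 1205 and its "internal" interface are invented for contrast.
SAMPLE = '''\
id=36871 trace_id=1204 func=resolve_ip_tuple_fast line=3769 msg="vd-root received a packet(proto=6, 172.16.50.231:53040->74.125.224.85:443) from ssl.root."
id=36871 trace_id=1204 func=resolve_ip_tuple line=3909 msg="allocate a new session-000b12e0"
id=36871 trace_id=1204 func=vf_ip4_route_input line=1591 msg="find a route: gw-74.125.224.85 via ssl.root"
id=36871 trace_id=1204 func=fw_forward_handler line=430 msg="Denied by forward policy check"
id=36871 trace_id=1205 func=resolve_ip_tuple_fast line=3769 msg="vd-root received a packet(proto=6, 172.16.50.231:53041->10.0.0.5:22) from ssl.root."
id=36871 trace_id=1205 func=vf_ip4_route_input line=1591 msg="find a route: gw-10.0.0.5 via internal"
'''

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="\s*(.*?)"\s*$')
PACKET = re.compile(r'received a packet\(proto=(\d+), (\S+):(\d+)->(\S+):(\d+)\) from ([^\s"]+?)\.?$')
ROUTE = re.compile(r'find a route: gw-(\S+) via (\S+)')
DENY = "Denied by forward policy check"

def denied_flows(text):
    """Group debug flow lines by trace_id and report the denied traces."""
    traces = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a flow-trace line, or truncated
        t, msg = traces[int(m.group(1))], m.group(2)
        if (p := PACKET.search(msg)):
            t.update(proto=int(p[1]), src=f"{p[2]}:{p[3]}", dst=f"{p[4]}:{p[5]}", ingress=p[6])
        elif (r := ROUTE.search(msg)):
            t.update(gateway=r[1], egress=r[2])
        elif DENY in msg:
            t["denied"] = True
    report = []
    for tid, t in sorted(traces.items()):
        if not t.get("denied"):
            continue
        # Flag traces where the route lookup picked the interface the packet
        # arrived on, as in the question's trace (route "via ssl.root").
        same = "ingress" in t and t.get("ingress") == t.get("egress")
        report.append({"trace_id": tid, **{k: t.get(k) for k in
                       ("proto", "src", "dst", "ingress", "egress")},
                       "egress_is_ingress": same})
    return report

if __name__ == "__main__":
    for row in denied_flows(SAMPLE):
        print(row)
```

A denied trace with `egress_is_ingress` set points at routing rather than at the policy itself, which matches the fix reported in the thread.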