Skip to main content
rkacz1
rkacz1
New Member
July 1, 2020
Question

Deny: policy violation... sometimes...

  • July 1, 2020
  • 1 reply
  • 12207 views

Running Fortigate on 6.2.3 and I have a policy set to basically allow all traffic and *sometimes* I get Deny: Policy Violation in the logs referencing this policy.  What could be causing the deny?  It does not happen all the time, just sometimes.  Traffic is hitting the policy correctly.

 

config firewall security-policy   

edit 35       

set uuid <redacted>        

set name "Outbound Allow Everything Else"       

set srcintf "Trust"       

set dstintf "virtual-wan-link"       

set srcaddr4 "all"       

set dstaddr4 "all"       

set enforce-default-app-port disable       

set service "ALL"       

set action accept       

set schedule "always"       

set logtraffic all   

next

end

1 reply

emnoc
emnoc
New Member
July 3, 2020

Where are you seeing the deny ? if it's denied it did not 1> match that policy 2> match a "deny" policy or 3> the implicit "deny" or 4> the protocol was scrub and found in violation.

 

 

Paste logs that you are viewing that shows the deny.

 

 

Ken Felix

 

 

 

rkacz1
rkacz1Author
New Member
July 4, 2020

The deny message was first spotted in the forward traffic log and the entry referenced deny because of that specific policy (35).  However, I have since updated to 6.2.4 and those deny hits seems to have gone away.

Terms & ConditionsAccessibility statement