PampuTV
Explorer
July 1, 2022
Solved

FortiGate Debug ret-no-match


Hi Community,

Can someone explain the meaning of "ret-no-match" in a debug flow on a FGT?
As an example debug line see the following:
"2022-07-01 09:04:45 id=20085 trace_id=32985 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept""

I understand the line itself but not the meaning of "ret-no-match".

Thanks a lot.

Kind regards
Dominik


kcheng
Staff & Editor
July 1, 2022

Hi @PampuTV

The respective means that based on the firewall policy check, the traffic has no match on policy 6. So the check result returns no match (ret-no-match).

PampuTV
Author, Answer
Explorer
July 1, 2022

Hi @kcheng

Thanks for the fast reply!
But how can the action be "act-accept" if the match is "ret-no-match"?

Kind regards
Dominik

kcheng
Staff & Editor
July 1, 2022

Hi @PampuTV

The action is referencing the action set on the firewall policy, but not the action taken after the traffic is being evaluated against policy 6. Policy 6 is permitting traffic if it matches the policy. Based on the debug flow filter, your traffic does not match firewall policy 6, so it will continue to get evaluated by the next policy.
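
Added example, not part of the thread and not Fortinet code: a small Python parser that keeps the two fields discussed above apart, treating `ret-*` as the match result and `act-*` as the action configured on the checked policy, and reports which policy actually decided each trace. The first sample line is the one quoted in the question; the other two are constructed, and `ret-matched` is assumed to be how a successful match is logged.

```python
import re

# Matches the per-policy check message quoted in the thread.
CHECK_RE = re.compile(
    r'trace_id=(?P<trace>\d+) func=__iprope_check_one_policy .*?'
    r'msg="checked gnum-(?P<gnum>[0-9a-f]+) policy-(?P<policy>\d+), '
    r'ret-(?P<ret>[\w-]+), act-(?P<act>[\w-]+)"'
)

# Line 1 is the line quoted in the thread; lines 2 and 3 are constructed,
# and "ret-matched" is the assumed spelling of a successful match.
SAMPLE = """\
2022-07-01 09:04:45 id=20085 trace_id=32985 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept"
2022-07-01 09:04:45 id=20085 trace_id=32985 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-7, ret-no-match, act-drop"
2022-07-01 09:04:45 id=20085 trace_id=32985 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-9, ret-matched, act-accept"
"""

def parse_checks(text):
    """Return one record per policy-check line, in evaluation order."""
    checks = []
    for line in text.splitlines():
        m = CHECK_RE.search(line)
        if m:
            checks.append({
                "trace_id": int(m["trace"]),
                "policy": int(m["policy"]),
                "matched": m["ret"] == "matched",  # ret-*: did the packet match?
                "policy_action": m["act"],         # act-*: action set on the policy
            })
    return checks

def verdicts(checks):
    """Map trace_id -> (policy, action) for the first policy that matched."""
    result = {}
    for c in checks:
        if c["matched"]:
            result.setdefault(c["trace_id"], (c["policy"], c["policy_action"]))
    return result

if __name__ == "__main__":
    checks = parse_checks(SAMPLE)
    for c in checks:
        state = "matched" if c["matched"] else "skipped"
        print(f'trace {c["trace_id"]} policy {c["policy"]}: {state} '
              f'(policy action: {c["policy_action"]})')
    print(verdicts(checks))
```

An `act-accept` on a skipped policy never appears in the verdict; only the action of the policy that matched does.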