LarW63
New Member
September 12, 2017
Question

Intermittent Policy Deny with Destination Interface Unknown


Hi,

We have several FortiGates, all running v5.4.5, that are showing the following problem.

In the Traffic log we see intermittent Policy Violations with Deny as the Firewall Action. The Destination Interface is listed as Unknown-0 and the Message is "no session matched".

Yet, in this same log, there are entries with the exact same Source / Destination IPs and Service as above but show Accepted with the proper destination interface.

The traffic happens to be firewall management https traffic to the loopback.0 interface, if that makes a difference.

Does anyone have an idea what's going on here?

Thanks for your time.

Larry
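The pattern described in the post (accept and deny entries for the same source, destination and service, with the deny showing dstintf unknown-0 and msg "no session matched") is easier to confirm by correlating the raw log records than by scanning LogView. The Python below is an added example written for this page, not code from the thread or from Fortinet: it parses FortiGate traffic-log records in their key=value syslog form and reports the flows that hit both outcomes. The field names (srcip, dstip, dstport, proto, dstintf, action, policyid, msg) are the ones FortiGate's traffic log uses; the sample records, addresses and ports are constructed for the example, and the thread does not say what causes the denies, so the script only isolates them.

```python
"""Correlate FortiGate traffic-log accepts against 'no session matched' denies.

Added example for this thread, not code from the original post or from
Fortinet. Field names follow the FortiGate traffic-log schema; the log
records below are constructed and the addresses/ports are invented.
"""
import re
from collections import defaultdict

# FortiGate syslog records are space-separated key=value pairs; values are
# either bare tokens (srcip=10.1.1.50) or double-quoted strings
# (msg="no session matched").
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample: three records for one management HTTPS flow to the
# loopback, one unrelated deny on another flow, and one non-traffic event.
SAMPLE_LOG = """\
date=2017-09-12 time=08:00:01 type=traffic subtype=forward srcip=10.1.1.50 srcport=51000 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="loopback.0" proto=6 service="HTTPS" action=accept policyid=7
date=2017-09-12 time=08:00:07 type=traffic subtype=forward srcip=10.1.1.50 srcport=51002 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="unknown-0" proto=6 service="HTTPS" action=deny policyid=0 msg="no session matched"
date=2017-09-12 time=08:00:09 type=traffic subtype=forward srcip=10.1.1.50 srcport=51003 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="loopback.0" proto=6 service="HTTPS" action=accept policyid=7
date=2017-09-12 time=08:00:15 type=traffic subtype=forward srcip=10.1.1.60 srcport=40000 srcintf="port1" dstip=10.255.0.1 dstport=22 dstintf="loopback.0" proto=6 service="SSH" action=deny policyid=0
date=2017-09-12 time=08:00:20 type=event subtype=system logdesc="Admin login successful" user="admin" action=login
"""


def parse_line(line):
    """Turn one key=value record into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def flow_key(rec):
    """Identify a flow by src/dst/dport/proto. srcport is deliberately left
    out so successive connections of the same service group together."""
    return (rec.get("srcip"), rec.get("dstip"), rec.get("dstport"), rec.get("proto"))


def is_no_session_deny(rec):
    """The specific deny the thread is about: action deny, dstintf unknown-0,
    msg 'no session matched' (the record FortiGate writes for a packet that
    matched no existing session)."""
    return (rec.get("action") == "deny"
            and rec.get("dstintf") == "unknown-0"
            and rec.get("msg", "").lower() == "no session matched")


def triage(log_text):
    """Count accepts, no-session denies and other denies per flow, and
    remember every dstintf seen for that flow."""
    flows = defaultdict(lambda: {"accept": 0, "no_session": 0,
                                 "other_deny": 0, "dstintf": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("type") != "traffic":        # skip event/UTM records
            continue
        flow = flows[flow_key(rec)]
        flow["dstintf"].add(rec.get("dstintf", "?"))
        if rec.get("action") == "accept":
            flow["accept"] += 1
        elif is_no_session_deny(rec):
            flow["no_session"] += 1
        elif rec.get("action") == "deny":
            flow["other_deny"] += 1
    return dict(flows)


def intermittent_flows(flows):
    """Flows that were both accepted and hit 'no session matched': the
    symptom in the thread. A flow that is only ever denied is a policy
    question, not this symptom, and is left out."""
    return {k: v for k, v in flows.items() if v["accept"] and v["no_session"]}


if __name__ == "__main__":
    for (src, dst, dport, proto), v in intermittent_flows(triage(SAMPLE_LOG)).items():
        print(f"{src} -> {dst}:{dport}/{proto}: {v['accept']} accept, "
              f"{v['no_session']} 'no session matched', dstintf={sorted(v['dstintf'])}")
```

Run against a syslog export (or the FortiManager LogView export) instead of SAMPLE_LOG to see which flows show the mixed accept/deny pattern; a flow whose dstintf set contains both the real egress interface and unknown-0 is exactly the case described above. Keying on srcport as well would split each TCP connection out separately, which is useful if you want to check whether the denied packet belongs to a connection that was accepted moments earlier.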

 

1 reply

emnoc
New Member
September 12, 2017

Provide a snippet of the log message.

(Qs)

With the destination not being known, is that learned through a dynamic routing protocol?

Did you have flapping or instability in the network going on?

Ken

 

LarW63 (Author)
New Member
September 12, 2017

Hi,

 

Attached is a log snippet from LogView in FortiManager.

The loopback IP is indeed advertised through OSPF; however, no state changes or flapping occurred. These Policy Violations occur fairly regularly in the log, in between Accepts.

Thanks,

Larry