"iprope_in_check() check failed on policy 0, drop" when trying to ssh a FG100D
Hi,
I don't seem to be able to ssh a FG100D. I think it used to work before, but I'm not sure. I'm not the only one touching the configuration of this firewall.
Interestingly, https gets connected from a neighboring FG101E (IP = 10.248.1.1), but not ssh:
FGT101E_MainOffice # execute telnet 10.248.1.2 4443
Trying 10.248.1.2...
Connected to 10.248.1.2.
Connection closed by foreign host.
FGT101E_MainOffice # execute telnet 10.248.1.2 23
Trying 10.248.1.2...
Timeout!
Failed to connect to specified unit.
This is what debug shows me:
FG100D_LCL_MEETME (root) #
id=20085 trace_id=17 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 10.0.2.112:65284->10.248.1.2:22) from Interconnect. flag , seq 2498853324, ack 0, win 64240"
id=20085 trace_id=17 func=init_ip_session_common line=5519 msg="allocate a new session-3dd213af"
id=20085 trace_id=17 func=vf_ip_route_input_common line=2583 msg="find a route: flag=80000000 gw-10.248.1.2 via root"
id=20085 trace_id=17 func=fw_local_in_handler line=397 msg="iprope_in_check() check failed on policy 0, drop"
Here is the configuration of the interface:
FG100D_LCL_MEETME (root) # show system interface Interconnect
config system interface
    edit "Interconnect"
        set vdom "root"
        set ip 10.248.1.2 255.255.255.248
        set allowaccess ping https ssh snmp http
        set type hard-switch
        set alias "to beleu-arc-fw11"
        set role lan
        set snmp-index 20
    next
end
So routing and interface configuration are already ruled out as potential causes.
I have Googled the error message to no avail. No NAT is involved, no virtual IPs either.
Any idea?
Thanks,
Vincent
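Added example, not part of the original post: a small Python parser for debug trace lines like the ones quoted above. It groups messages by trace_id and reports, for each traced packet, the 5-tuple, the ingress interface and the function that logged the drop. The function and variable names are hypothetical, the input is the trace from the post, and only IPv4 packet lines are handled.

```python
import re
from collections import OrderedDict

# Trace lines copied from the post above, one message per line.
SAMPLE = '''\
id=20085 trace_id=17 func=print_pkt_detail line=5363 msg="vd-root received a packet(proto=6, 10.0.2.112:65284->10.248.1.2:22) from Interconnect. flag , seq 2498853324, ack 0, win 64240"
id=20085 trace_id=17 func=init_ip_session_common line=5519 msg="allocate a new session-3dd213af"
id=20085 trace_id=17 func=vf_ip_route_input_common line=2583 msg="find a route: flag=80000000 gw-10.248.1.2 via root"
id=20085 trace_id=17 func=fw_local_in_handler line=397 msg="iprope_in_check() check failed on policy 0, drop"
'''

# One trace message; findall() also copes with pastes where the lines
# have been run together, because each msg ends at its closing quote.
LINE_RE = re.compile(r'id=\d+ trace_id=(\d+) func=(\S+) line=\d+ msg="(.*?)"')
# The packet header message (IPv4 only in this example).
PKT_RE = re.compile(
    r'received a packet\(proto=(\d+), ([\d.]+):(\d+)->([\d.]+):(\d+)\) from (\S+?)\.')


def summarize(text):
    """Return one dict per trace_id with the packet details and verdict."""
    traces = OrderedDict()
    for trace_id, func, msg in LINE_RE.findall(text):
        t = traces.setdefault(
            trace_id, {"trace_id": int(trace_id), "verdict": "no-drop-seen"})
        pkt = PKT_RE.search(msg)
        if pkt:
            proto, src, sport, dst, dport, iface = pkt.groups()
            t.update(proto=int(proto), src=src, sport=int(sport),
                     dst=dst, dport=int(dport), in_iface=iface)
        if msg.rstrip().endswith("drop"):
            # Record which function logged the drop and its message.
            t.update(verdict="drop", drop_func=func, drop_msg=msg)
    return list(traces.values())


if __name__ == "__main__":
    for t in summarize(SAMPLE):
        print("trace %(trace_id)d: %(src)s:%(sport)d -> %(dst)s:%(dport)d "
              "in=%(in_iface)s verdict=%(verdict)s" % t)
        if t["verdict"] == "drop":
            print("  dropped in %(drop_func)s: %(drop_msg)s" % t)
```

The summary puts the source address and destination port of the dropped packet next to the drop message, which makes it easy to compare them with the host and port used in the manual connection tests.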
