suthomas1
New Member
May 20, 2020
Question

policy check


Hello,

 

Does anyone know if FortiGate has a way to check what rule will be applied for a given set of conditions, like source IP, port, etc.?

Similar to what other vendors have.

 

 

    1 reply

    sw2090
    SuperUser
    May 20, 2020

    Hm, I don't know that way, but you could do it vice versa.

    You could enable a flow trace and then hit your FGT with traffic that meets the conditions you want.

    Flow trace will show you what happens to it. It will tell you which policy applied and whether that allowed or denied the traffic.

    Also, it will give you some more hints, like whether your routing is good or not. It will e.g. tell you if you are missing the reverse route.

     

    HTH

    Sebastian

    lobstercreed
    New Member
    May 20, 2020

    Right at the top of the policy page in the GUI there is an option called "Policy Lookup" that I think does exactly what you're asking.

    ede_pfau
    SuperUser
    May 20, 2020

    ...but it will fail if the traffic applies to a zone...at least in v5.x

    Probably a combination of Policy Lookup and "diag debug flow" will supply most information. For a quick survey, the GUI test will do.
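
An added example, not part of any post in this thread: a Python sketch that summarizes `diag debug flow` output per traced packet, pulling out the policy verdict and the reverse-path failure mentioned above. The sample lines are constructed, and the message wording the patterns assume can differ between FortiOS versions.

```python
import re

# Constructed sample (not captured from a device); message wording is an assumed format.
SAMPLE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5501 msg="vd-root received a packet(proto=6, 10.0.0.5:51234->192.0.2.10:443) from port1. flag [S], seq 1, ack 0, win 8192"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-192.0.2.1 via wan1"
id=20085 trace_id=1 func=fw_forward_handler line=796 msg="Allowed by Policy-2: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=5501 msg="vd-root received a packet(proto=6, 10.0.0.6:40000->192.0.2.10:23) from port1. flag [S], seq 1, ack 0, win 8192"
id=20085 trace_id=2 func=fw_forward_handler line=640 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=3 func=print_pkt_detail line=5501 msg="vd-root received a packet(proto=6, 172.16.9.9:40001->10.0.0.5:22) from wan1. flag [S], seq 1, ack 0, win 8192"
id=20085 trace_id=3 func=ip_route_input_slow line=2267 msg="reverse path check fail, drop"
"""

LINE = re.compile(r'trace_id=(\d+) func=\S+ line=\d+ msg="(.*)"\s*$')
PKT = re.compile(r'\(proto=(\d+), (\S+?)->(\S+?)\) from (\S+)\. flag')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
DENY = re.compile(r'Denied by .*\(policy (\d+)\)')


def summarize(text):
    """Return {trace_id: {flow, in_if, verdict, policy}} for each traced packet."""
    traces = {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip prompts, blank lines and unrelated debug output
        t = traces.setdefault(int(m.group(1)), {
            "flow": None, "in_if": None, "verdict": "unknown", "policy": None})
        msg = m.group(2)
        if (p := PKT.search(msg)):
            t["flow"], t["in_if"] = f"{p.group(2)} -> {p.group(3)}", p.group(4)
        elif (a := ALLOW.search(msg)):
            t["verdict"], t["policy"] = "allowed", int(a.group(1))
        elif (d := DENY.search(msg)):
            # Policy 0 is the implicit deny: no configured rule matched.
            t["verdict"], t["policy"] = "denied", int(d.group(1))
        elif "reverse path check fail" in msg:
            # Dropped at the routing stage: no route back to the source.
            t["verdict"] = "dropped (reverse path check)"
    return traces


if __name__ == "__main__":
    for tid, t in summarize(SAMPLE).items():
        print(tid, t["flow"], "via", t["in_if"], "=>", t["verdict"], "policy", t["policy"])
```

A trace that ends as `unknown` means none of the assumed verdict messages appeared, which is the cue to read the raw output for that `trace_id`.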