fortinetuser2020
New Member
October 14, 2017
Question

port 80 being blocked for all sorts of destinations, even that it's allowed on policy

  • October 14, 2017
  • 1 reply
  • 18643 views

look at this 

I have 1000's of these blocks for many different destinations with many different sources on my network

the one thing they all have in common, they have no session id

why is that?

 

1 reply

EMES
New Member
October 14, 2017
The firewalls don't, by default, create sessions for dropped sessions. You can disable that by running the following. http://docs.fortinet.com/...sions-to-session-table
emnoc
New Member
October 15, 2017

You stated earlier

even that it's allowed on policy

I would find out what is blocking these and review your firewall policies

e.g.

diag debug reset
diag debug enable
diag debug flow fil dport 80
diag debug flow fil addr x.x.x.x <--- place one of your internal source addresses here
diag debug flow show console enable
diag debug flow trace start 100

Start traffic to the destination and review what's happening