Contributor
October 17, 2011
Question

UDP port 8888 denied on Fortigate

Hello. I just installed the endpoint Forticlient with Antivirus and Antispam. All of my users are behind an identity-based Fortigate interface. The Fortigate seems to be dropping all UDP 8888 traffic from the client to the FDP servers. I did a debug filter on one of the FDP server IPs and received a "Denied by forward policy check". I am sure my firewall policy allows these ports. Thanks

    5 replies

    Carl_Wallmark
    New Member
    October 18, 2011
    Hi, "Denied by forward policy check" means it cannot find the policy that would allow 8888 out on the internet. Check to see if you can find a policy that would match, and also check policy order; as your users are using identity-based policies, it's a little bit tricky sometimes.
    Contributor
    October 18, 2011
    In the traffic log, the blocked traffic does not have usernames associated with it, as opposed to the traffic that is allowed. I checked the policies and the associated policy that allows web traffic is at the top of the rule base for that port. What UTM mechanism blocks 8888/UDP?
    Contributor
    October 18, 2011
    Could it be that the Forticlient services are trying to contact the internet without using the domain user authentication and FSAE is blocking it?
    Contributor
    October 19, 2011
    Problem resolved. It did have to do with the policy base. I had to add an additional rule above the identity rule that allowed the port.
    Carl_Wallmark
    New Member
    October 20, 2011
    You cannot have ANY rules under the Identity Based Policies; they have to either be IN the policy or ABOVE the Identity Based Policy.
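
The ordering problem resolved in this thread, as an added example that is not part of the original posts and is not FortiOS code: a simplified first-match model in which an identity-based policy claims every flow that reaches it, so a flow with no authenticated user is denied there and rules below are never evaluated. Policy names, group names and service lists are hypothetical, and the sample flows are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    name: str
    services: set                 # {(proto, port)}; unused on identity policies
    identity: bool = False
    groups: dict = field(default_factory=dict)  # user group -> allowed services

def evaluate(policies, flow):
    """Top-down, first match wins. Returns (action, matching policy name)."""
    svc = (flow["proto"], flow["port"])
    for p in policies:
        if p.identity:
            # Assumption taken from the thread: the identity policy is terminal.
            # A flow without a user maps to no group, so it is denied here
            # even if the service is allowed for authenticated groups.
            allowed = p.groups.get(flow["group"], set())
            return ("accept" if svc in allowed else "deny", p.name)
        if svc in p.services:
            return ("accept", p.name)
    return ("deny", "implicit-deny")

# Hypothetical rule base
WEB = {("tcp", 80), ("tcp", 443), ("udp", 53)}
identity_web = Policy("identity-web", set(), identity=True,
                      groups={"domain-users": WEB | {("udp", 8888)}})
allow_8888 = Policy("allow-udp-8888", {("udp", 8888)})

# Constructed flows: client service traffic carries no username,
# matching the log observation in the thread.
client_update = {"proto": "udp", "port": 8888, "group": None}
user_web = {"proto": "tcp", "port": 443, "group": "domain-users"}

def demo():
    before = [identity_web, allow_8888]  # plain rule under the identity policy
    after = [allow_8888, identity_web]   # plain rule moved above it
    return (evaluate(before, client_update),
            evaluate(after, client_update),
            evaluate(after, user_web))

if __name__ == "__main__":
    for result in demo():
        print(result)
```
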