Created on 08-27-2024 11:13 PM Edited on 08-27-2024 11:14 PM By Jean-Philippe_P
Description | This article describes how to find the policy ID when logging is disabled on the policy. |
Scope | All. |
Solution |
There are many ways to find policy IDs for traffic on FortiGate.
Method 1: Policy match in the webUI and CLI.
Refer to the article: Update policy lookup tool with policy match tool 7.4.1
Method 2: dia de flow commands.
Run these commands first, then generate the traffic.
Follow the article: Debugging the packet flow.
Example topology:
Client (10.10.10.2)---------------(10.10.10.1)FGT----------------------Internet.
FortiGate-80E # dia de flow filter addr 10.10.10.2
FortiGate-80E # dia de flow trace start 10
FortiGate-80E # dia de en
id=65308 trace_id=4 func=print_pkt_detail line=5886 msg="vd-root:0 received a packet(proto=1, 10.10.10.2:1->8.8.8.8:2048) tun_id=0.0.0.0 from lan. type=8, code=0, id=1, seq=6."
id=65308 trace_id=4 func=init_ip_session_common line=6063 msg="allocate a new session-011766e2"
id=65308 trace_id=4 func=vf_ip_route_input_common line=2613 msg="find a route: flag=04000000 gw-10.9.15.254 via wan1"
id=65308 trace_id=4 func=__iprope_tree_check line=539 msg="gnum-100004, use addr/intf hash, len=2"
id=65308 trace_id=4 func=get_new_addr line=1269 msg="find SNAT: IP-10.9.0.240(from IPPOOL), port-60418"
id=65308 trace_id=4 func=fw_forward_handler line=991 msg="Allowed by Policy-1: SNAT" <------ Policy ID 1
id=65308 trace_id=4 func=__ip_session_run_tuple line=3433 msg="SNAT 10.10.10.2->10.9.0.240:60418"
Method 3: Session list.
Follow the article: Troubleshooting Tip: FortiGate session table information
FortiGate-80E # dia sys session filter src 10.10.10.2
FortiGate-80E # dia sys session filter dst 8.8.8.8
FortiGate-80E # dia sys session list
session info: proto=1 proto_state=00 duration=33 expire=27 timeout=0 refresh_dir=both flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=may_dirty npu
statistic(bytes/packets/allow_err): org=120/2/1 reply=120/2/1 tuples=2
tx speed(Bps/kbps): 0/0 rx speed(Bps/kbps): 0/0
orgin->sink: org pre->post, reply pre->post dev=28->5/5->28 gwy=10.9.15.254/10.10.10.2
hook=post dir=org act=snat 10.10.10.2:1->8.8.8.8:8(10.9.0.240:60418)
hook=pre dir=reply act=dnat 8.8.8.8:60418->10.9.0.240:0(10.10.10.2:1)
misc=0 policy_id=1 pol_uuid_idx=647 auth_info=0 chk_client_info=0 vd=0
serial=01181f40 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x000c00 ofld-O ofld-R
npu info: flag=0x81/0x81, offload=8/8, ips_offload=0/0, epid=64/82, ipid=82/64, vlan=0x0000/0x0000
vlifid=82/64, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=3/2, ha_divert=0/0
The policy_id field shows the ID of the policy that the traffic hit. |
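When a capture from Method 2 or Method 3 is saved to a file, the policy ID can be pulled out per flow with a short script. The following is an added example, not part of the original article or Fortinet tooling; the function names and sample inputs are constructed, and the deny message for trace_id=5 is assumed from typical FortiOS output rather than taken from this page.

```python
import re

# Constructed samples, abridged from the outputs in this article. trace_id=5
# is an invented denied flow; its "Denied by forward policy check" wording is
# an assumption about FortiOS output and does not appear in the article.
FLOW_TRACE = '''\
id=65308 trace_id=4 func=print_pkt_detail line=5886 msg="vd-root:0 received a packet(proto=1, 10.10.10.2:1->8.8.8.8:2048) tun_id=0.0.0.0 from lan. type=8, code=0, id=1, seq=6."
id=65308 trace_id=4 func=fw_forward_handler line=991 msg="Allowed by Policy-1: SNAT"
id=65308 trace_id=5 func=print_pkt_detail line=5886 msg="vd-root:0 received a packet(proto=6, 10.10.10.2:51000->192.0.2.10:23) tun_id=0.0.0.0 from lan."
id=65308 trace_id=5 func=fw_forward_handler line=837 msg="Denied by forward policy check (policy 0)"
'''
SESSION_LIST = '''\
session info: proto=1 proto_state=00 duration=33 expire=27 timeout=0
hook=post dir=org act=snat 10.10.10.2:1->8.8.8.8:8(10.9.0.240:60418)
hook=pre dir=reply act=dnat 8.8.8.8:60418->10.9.0.240:0(10.10.10.2:1)
misc=0 policy_id=1 pol_uuid_idx=647 auth_info=0 chk_client_info=0 vd=0
'''

LINE = re.compile(r'trace_id=(\d+) func=\w+ line=\d+ msg="([^"]*)"')
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\)')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
DENY = re.compile(r'Denied by forward policy check \(policy (\d+)\)')
SESSION = re.compile(r'session info:.*?(?=session info:|\Z)', re.S)
ORG = re.compile(r'dir=org act=\w+ (\S+?)->(\S+?)\(')
POLICY = re.compile(r'\bpolicy_id=(\d+)')

def flow_trace_policies(text):
    """Map trace_id -> flow tuple, policy ID and verdict from debug flow output."""
    traces = {}
    for tid, msg in LINE.findall(text):
        t = traces.setdefault(int(tid), {"flow": None, "policy_id": None, "action": None})
        if m := PKT.search(msg):
            t["flow"] = (int(m[1]), m[2], m[3])      # (proto, src, dst)
        elif m := ALLOW.search(msg):
            t.update(policy_id=int(m[1]), action="allow")
        elif m := DENY.search(msg):
            t.update(policy_id=int(m[1]), action="deny")
    return traces

def session_policies(text):
    """Return (src, dst, policy_id) for each session block in session list output."""
    out = []
    for block in SESSION.findall(text):
        org, pol = ORG.search(block), POLICY.search(block)
        if org and pol:
            out.append((org[1], org[2], int(pol[1])))
    return out

if __name__ == "__main__":
    print(flow_trace_policies(FLOW_TRACE))
    print(session_policies(SESSION_LIST))
```

Both functions match on the whole text rather than line by line, so they also work on console output that was pasted as a single wrapped line.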
Copyright 2025 Fortinet, Inc. All Rights Reserved.