Description |
This article describes an issue where the hit count and bytes of the implicit deny rule do not increase on the proxy policy. The deny log is generated, but the hit count does not increase.
This feature has been added after version 7.4.0.
Configuration:
config system interface
    edit "port1"
        set vdom "root"
        set ip 10.200.1.1 255.255.255.0
        set allowaccess ping
        set fail-detect enable
        set type physical
        set explicit-web-proxy enable
        set alias "External"
        set monitor-bandwidth enable
        set role wan
        set snmp-index 1
    next
    edit "port3"
        set vdom "root"
        set ip 10.0.1.254 255.255.255.0
        set allowaccess ping https ssh snmp
        set type physical
        set alias "Internal"
        set snmp-index 3
    next
end

config system settings
    set gui-explicit-proxy enable
end

config firewall policy
    edit 1
        set name "allow-all"
        set uuid b194844a-9c8c-51ed-eda0-9ec8ad8dc5ef
        set srcintf "port3"
        set dstintf "port1"
        set action accept
        set srcaddr "all"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set inspection-mode proxy
        set http-policy-redirect enable
        set ssl-ssh-profile "deep-inspection"
        set logtraffic all
        set nat enable
    next
end

config firewall proxy-policy
    edit 1
        set uuid 2bad4510-9c8c-51ed-0021-b3cee3d6de50
        set name "test"
        set proxy transparent-web
        set srcintf "port3"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "webproxy"
        set status disable
        set schedule "always"
        set logtraffic all
    next
end
|
Scope |
FortiGate v7.0, v7.2. |
Solution |
Collection and clearing of implicit deny statistics was implemented in version 7.4.0. The hit count increases when a packet hits the implicit deny rule on the proxy policy. |
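On v7.0 and v7.2, where the deny log is written but the counter does not move, the same figures can be derived from the logs themselves. The following is an added example, not Fortinet's code. It assumes traffic logs exported as key=value text and that implicit deny hits on the proxy policy are logged with action="deny", policyid=0 and policytype="proxy-policy"; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS key=value traffic-log style (not from the article).
SAMPLE_LOGS = """\
date=2024-01-10 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.1.10 dstip=203.0.113.5 srcintf="port3" dstintf="port1" action="deny" policyid=0 policytype="proxy-policy" sentbyte=120 rcvdbyte=0
date=2024-01-10 time=10:00:02 type="traffic" subtype="forward" srcip=10.0.1.11 dstip=203.0.113.6 srcintf="port3" dstintf="port1" action="accept" policyid=1 policytype="policy" sentbyte=900 rcvdbyte=4000
date=2024-01-10 time=10:00:03 type="traffic" subtype="forward" srcip=10.0.1.10 dstip=203.0.113.7 srcintf="port3" dstintf="port1" action="deny" policyid=0 policytype="proxy-policy" sentbyte=60 rcvdbyte=0
date=2024-01-10 time=10:00:04 type="traffic" subtype="forward" srcip=10.0.1.12 dstip=203.0.113.8 srcintf="port3" dstintf="port1" action="deny" policyid=0 policytype="policy" sentbyte=40 rcvdbyte=0
date=2024-01-10 time=10:00:05 type="traffic" subtype="forward" srcip=10.0.1.13 dstip=203.0.113.9 srcintf="port3" dstintf="port1" action="deny" policyid=0 policytype="proxy-policy"
"""

# key=value pairs; values are either double-quoted or a run of non-space characters.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping quotes from values."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in PAIR.findall(line)}


def implicit_deny_stats(lines, policytype="proxy-policy"):
    """Count implicit-deny log entries and sum their bytes.

    Assumption: the implicit deny rule is logged as policyid=0 with
    action="deny"; policytype separates proxy-policy from firewall-policy hits.
    """
    hits, total_bytes, by_src = 0, 0, Counter()
    for line in lines:
        f = parse_line(line)
        if (f.get("type") == "traffic" and f.get("action") == "deny"
                and f.get("policyid") == "0"
                and f.get("policytype") == policytype):
            hits += 1
            # Byte fields can be absent on a denied session; treat as zero.
            total_bytes += int(f.get("sentbyte", 0)) + int(f.get("rcvdbyte", 0))
            by_src[f.get("srcip", "unknown")] += 1
    return {"hits": hits, "bytes": total_bytes, "by_src": dict(by_src)}


if __name__ == "__main__":
    print(implicit_deny_stats(SAMPLE_LOGS.splitlines()))
```
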