FortiGate
fgallardo1
Staff
Article Id 192811
Description
This article describes how to troubleshoot access to a remote web site when an error appears.

Solution
1) Use the debug flow tool to get additional details of the error.
Connect to the command line interface (CLI).


2) Get the destination IP address and run the following commands:
# diagnose debug flow show console enable
# diagnose debug flow show function-name enable
# diagnose debug console timestamp enable
# diagnose debug flow filter addr <destination IP>
# diagnose debug flow filter port <service port 80 or 443>
# diagnose debug enable
# diagnose debug flow trace start 100
3) If the error 'iprope_in_check() check failed on policy 0,drop' appears, use the following command to find out whether a configuration is causing the issue.
# show full | grep <destination IP> -f
4) The previous command searches the configuration for any match on the destination IP. Conflicts are most commonly with IP pools and VIPs.
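The search in steps 3 and 4 matches only where the destination IP is written out literally; an IP pool or VIP defined as a range that merely contains the address will not show up. The following added example (not part of the original article or Fortinet tooling) runs the same check offline against a configuration backup and goes beyond the literal search by testing ranges. The sample configuration, object names and the function `find_owning_objects` are constructed for illustration, and a single-VDOM backup is assumed.

```python
import ipaddress

# Constructed sample of a single-VDOM configuration backup (not from the article).
SAMPLE_CONFIG = """\
config firewall ippool
    edit "pool-web"
        set startip 203.0.113.10
        set endip 203.0.113.20
    next
end
config firewall vip
    edit "vip-app"
        set extip 203.0.113.50-203.0.113.52
    next
end
"""

def _to_range(value):
    """Turn 'a.b.c.d' or 'a.b.c.d-e.f.g.h' into a (low, high) address pair."""
    low, _, high = value.strip('"').partition("-")
    return ipaddress.ip_address(low), ipaddress.ip_address(high or low)

def find_owning_objects(config_text, dest_ip):
    """Return (section, name) for each IP pool or VIP whose range covers dest_ip."""
    dest = ipaddress.ip_address(dest_ip)
    hits, depth, section, name, fields = [], 0, None, None, {}
    for line in config_text.splitlines():
        words = line.split() or [""]  # blank lines match no keyword below
        if words[0] == "config":
            depth += 1
            if depth == 1:
                section = " ".join(words[1:])
        elif words[0] == "end":
            depth -= 1
        elif depth != 1:
            continue  # ignore nested sub-tables inside an object
        elif words[0] == "edit":
            name, fields = words[1].strip('"'), {}
        elif words[0] == "set" and len(words) >= 3:
            fields[words[1]] = words[2]
        elif words[0] == "next":
            if section == "firewall ippool" and {"startip", "endip"} <= fields.keys():
                low, high = _to_range(fields["startip"])[0], _to_range(fields["endip"])[1]
            elif section == "firewall vip" and "extip" in fields:
                low, high = _to_range(fields["extip"])
            else:
                continue
            if low <= dest <= high:
                hits.append((section, name))
    return hits
```

Any object returned is a candidate for the conflict described in step 4 and should be reviewed against the destination IP.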
