FortiGate
nithincs
Staff
Article Id 197688

Description

This article describes what to do when traffic from a source IP is denied even though a firewall policy allows it.

In a sniffer trace, the traffic arrives on the FortiGate but is never forwarded out.

In a flow debug, the trace shows 'Denied by endpoint check', as described in the related article Troubleshooting Tip: Flow filter log message 'Denied by endpoint check'.

Consider a FortiGate policy configured to allow traffic from one interface to another, and incoming traffic that matches all the conditions of that policy.

In the logs, the action is shown as 'Deny: policy violation', and communication from the source to the destination fails.

This article describes how to fix this.
 

Scope

FortiGate.


Solution

One reason for this log is that the source IP has been added as a banned IP (quarantined) on the FortiGate, so the source IP must be released from quarantine (whitelisted) to allow the traffic. The quarantine can be the result of a DoS policy.

Go to Monitor -> Quarantine Monitor, select the source IP, and delete the entry.
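The reasoning above (traffic matches every condition of an accept policy, yet the log shows a deny) can be applied to exported traffic logs to find source IPs worth looking up in the Quarantine Monitor. The following Python script is an added example, not part of this article or of any Fortinet tool: the policy table, interface names, addresses and log lines are all constructed for illustration, and the key=value parsing only assumes the general FortiGate syslog layout (srcip, dstip, srcintf, dstintf, service, action). It replays each deny event against the policy table; a deny that lands on an accept policy cannot be explained by the policy and is reported as a quarantine candidate.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hypothetical policy table, constructed for this example. Entries are
# evaluated top-down and the first match wins, as on a FortiGate.
@dataclass(frozen=True)
class Policy:
    policyid: int
    srcintf: str
    dstintf: str
    srcaddr: str   # source subnet in CIDR notation
    dstaddr: str   # destination subnet in CIDR notation
    service: str   # service name, or "ALL"
    action: str    # "accept" or "deny"

POLICIES = [
    Policy(5, "port1", "port2", "10.10.10.0/24", "192.0.2.0/24", "HTTPS", "accept"),
    Policy(9, "port1", "port2", "10.10.20.0/24", "192.0.2.0/24", "ALL", "deny"),
]

# Constructed traffic-log lines in FortiGate key=value syslog style.
# Addresses, interfaces and timestamps are invented for the example.
SAMPLE_LOGS = [
    'date=2024-01-01 time=10:00:01 type="traffic" subtype="forward" srcip=10.10.10.5 srcintf="port1" '
    'dstip=192.0.2.10 dstintf="port2" service="HTTPS" action="accept"',
    'date=2024-01-01 time=10:00:02 type="traffic" subtype="forward" srcip=10.10.10.6 srcintf="port1" '
    'dstip=192.0.2.10 dstintf="port2" service="HTTPS" action="deny"',
    'date=2024-01-01 time=10:00:03 type="traffic" subtype="forward" srcip=10.10.20.7 srcintf="port1" '
    'dstip=192.0.2.10 dstintf="port2" service="HTTPS" action="deny"',
    'date=2024-01-01 time=10:00:04 type="traffic" subtype="forward" srcip=10.10.10.6 srcintf="port1" '
    'dstip=192.0.2.11 dstintf="port2" service="HTTPS" action="deny"',
    'date=2024-01-01 time=10:00:05 type="event" subtype="system" logdesc="Admin login successful"',
]

# key=value pairs; values are either double-quoted or a run of non-blank characters
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_log(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def first_matching_policy(event, policies):
    """Return the first policy whose interfaces, addresses and service cover the event."""
    src = ipaddress.ip_address(event["srcip"])
    dst = ipaddress.ip_address(event["dstip"])
    for p in policies:
        if (p.srcintf == event["srcintf"] and p.dstintf == event["dstintf"]
                and src in ipaddress.ip_network(p.srcaddr)
                and dst in ipaddress.ip_network(p.dstaddr)
                and p.service in ("ALL", event["service"])):
            return p
    return None

def suspected_quarantine_denies(lines, policies=POLICIES):
    """Deny events whose traffic is covered by an accept policy.

    The policy cannot explain the deny, so something outside the policy
    table (such as a quarantined/banned source IP) is the likely cause."""
    suspects = []
    for line in lines:
        ev = parse_log(line)
        if ev.get("type") != "traffic" or ev.get("action") != "deny":
            continue
        policy = first_matching_policy(ev, policies)
        if policy is not None and policy.action == "accept":
            suspects.append({"srcip": ev["srcip"], "dstip": ev["dstip"],
                             "policyid": policy.policyid})
    return suspects

def source_ips_to_check(lines, policies=POLICIES):
    """Sorted, de-duplicated source IPs to look up in Monitor -> Quarantine Monitor."""
    return sorted({s["srcip"] for s in suspected_quarantine_denies(lines, policies)})

if __name__ == "__main__":
    for s in suspected_quarantine_denies(SAMPLE_LOGS):
        print(f"deny {s['srcip']} -> {s['dstip']} despite accept policy {s['policyid']}")
    print("check in Quarantine Monitor:", source_ips_to_check(SAMPLE_LOGS))
```

On the sample data, the denies from 10.10.10.6 fall under accept policy 5 and are reported, while the deny from 10.10.20.7 is explained by deny policy 9 and is ignored. Real policy tables also match on schedule, user and NAT settings, so treat the output as a list of addresses to check in the Quarantine Monitor, not as proof that an address is quarantined.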

Related Article:
Troubleshooting Tip: Flow filter log message 'Denied by endpoint check'