FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 308471
Description This article describes the troubleshooting steps when 'Policy is not active' is showing on the FortiOS debug flow
Scope FortiGate.

Sample debug flow output when the issue is happening:

Screenshot 2024-04-05 104918.png

Policy 2 status is enabled however the desired traffic does not match the expected policy and is dropped by the implicit deny policy:



'Policy is not active' error logs are typically associated with Schedule misconfiguration under firewall policy.

In this case, under Policy & Objects -> Schedules, the applied recurring schedule under policy 2 ('always') is misconfigured as no days are checked.


The issue should be resolved if the schedule applied to the firewall policy is properly configured.

In this case, check all the days under the 'always' recurring schedule for the policy to be effective.




After the change, the 'policy is not active' error no longer appears in the debug flow. It is possible to verify that the traffic matches policy 2 as expected.

debug flow.png