FortiSIEM Discussions
adem_netsys
Contributor

Active/Deactive Rule Issue

Hi guys,

In an environment with 7.1.5 Enterprise, the incident continues to trigger after disabling some rules. Have we hit a bug before? Has anyone encountered this situation before?

2 REPLIES
adem_netsys
Contributor

We switched to version 7.2.4 and encountered the same situation again: the rule we closed is triggered again, and we need to activate/disable it again. I would like to hear your experiences.

Secusaurus
Contributor II

Hi @adem_netsys,

Do you experience this behavior after an upgrade? Meaning: Rules that were disabled before the upgrade now seem enabled?

This might be connected to a known issue and resolved in current versions. You will need to enable and disable the rules again in the GUI, but then it should not happen again.

Or is it not related to an upgrade and rules will still be active although you just disabled them?

In that case, check

- if there are sync errors for the rules

- if some time has passed already (these changes might not be applied to running processes right away, but only after some time)

- when looking at the incident, is the rule really the one that is disabled?

If everything looks correct from here, TAC should have a look at that.

Best,

Christian

FCP & FCSS Security Operations | Fortinet Advanced Partner