Blocking connection by Implicit Deny
Hello
Probably a stupid question, but can anyone tell me why this connection is being blocked by the Implicit Deny firewall rule? In the firewall rules I have created allow rules for DNS, HTTPS, and some traffic goes through, while some, like the one below to Google, does not...
date="2023-02-16" time="14:42:13" id=7200748607182471170 bid=4486763 dvid=1043 itime=1676554933 euid=3 epid=1030 dsteuid=3 dstepid=101 logflag=103 logver=702041396 type="traffic" subtype="forward" level="notice" action="deny" policyid=0 sessionid=898077 srcip="192.168.X.ABC" dstip="142.250.203.193" srcport=54554 dstport=443 trandisp="noop" duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" srcname="TEST1" service="Google-Web" app="Google-Web" appcat="unscanned" srcintfrole="lan" dstintfrole="wan" srcserver=0 policytype="policy" eventtime=1676554933387308699 crscore=30 craction=131072 crlevel="high" srcmac="AAAAAA" mastersrcmac="AAAAAA" srchwvendor="HP" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Poland" srcintf="internal" dstintf="wan2" dstinetsvc="Google-Web" dstowner="google.com" threatwgts="{30}" threatcnts="{1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0100" dstregion="Masovian" dstcity="Warsaw" dstreputation=4 devid="FGTXXXXXXXX" vd="root" devname="XXXXX"
Wojtek
Labels: FortiGate
Hello,
The packet does not match any existing firewall policy and therefore matches the implicit deny rule (action="deny" policyid=0).
Likely your existing firewall rules are not matching for the src/dst and ports seen in the log entry.
It is very unlikely this issue could be resolved through the forums without knowing your policy framework.
It's recommended to open a support ticket with technical support to have this further investigated so you can share your config for review.
The first steps here would be to collect a debug flow and check the config file.
Regards,
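The reply above describes the mechanism (a session that matches no policy hits the implicit deny, logged as policyid=0 with action="deny") and the first diagnostic step (a debug flow). As an added example that is not part of this thread, the Python below does the first check a support engineer would do with such a log: it parses the key=value fields, confirms the entry is an implicit deny, lists the interface, address and protocol/port fields any policy would have to match, and prints the debug-flow filter commands scoped to that exact session. The log lines are constructed for the example (the masked source address is replaced by a made-up private one, and an accepted TCP/443 session is added for contrast); the CLI filter syntax is assumed to be FortiOS 7.x. One thing the parsed fields make visible in the question's entry: proto=17 is UDP, so the blocked session is UDP/443 (QUIC-style traffic), and a policy whose service is only the TCP/443 HTTPS object cannot match it.

```python
import re
from typing import Dict, List

# Constructed sample log lines (not from the original post): the first mirrors the
# implicit-deny entry shown in the question with a made-up private source address;
# the second is a constructed accepted TCP/443 session for contrast.
SAMPLE_LOG = [
    'date="2023-02-16" time="14:42:13" type="traffic" subtype="forward" level="notice" '
    'action="deny" policyid=0 sessionid=898077 srcip="192.168.10.5" dstip="142.250.203.193" '
    'srcport=54554 dstport=443 trandisp="noop" proto=17 service="Google-Web" '
    'srcintf="internal" dstintf="wan2" srcintfrole="lan" dstintfrole="wan" '
    'dstowner="google.com" dstcountry="Poland" devid="FGTXXXXXXXX" vd="root"',
    'date="2023-02-16" time="14:42:20" type="traffic" subtype="forward" level="notice" '
    'action="accept" policyid=3 sessionid=898099 srcip="192.168.10.5" dstip="142.250.203.193" '
    'srcport=54560 dstport=443 trandisp="snat" proto=6 service="HTTPS" '
    'srcintf="internal" dstintf="wan2" srcintfrole="lan" dstintfrole="wan" '
    'devid="FGTXXXXXXXX" vd="root"',
]

# FortiGate traffic logs are space-separated key=value pairs; values may be double-quoted.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}


def parse_fortigate_line(line: str) -> Dict[str, str]:
    """Return a dict of every key=value field on one log line, quotes stripped."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}


def is_implicit_deny(rec: Dict[str, str]) -> bool:
    """policyid=0 with action=deny is the implicit deny at the end of the policy table."""
    return (rec.get("type") == "traffic"
            and rec.get("action") == "deny"
            and rec.get("policyid") == "0")


def policy_requirements(rec: Dict[str, str]) -> Dict[str, str]:
    """Fields a firewall policy must cover for this session to match it instead of
    falling through to the implicit deny: incoming and outgoing interface, source,
    destination, and the protocol/port pair (the service)."""
    proto = PROTO_NAMES.get(rec["proto"], rec["proto"])
    return {
        "srcintf": rec["srcintf"],
        "dstintf": rec["dstintf"],
        "srcaddr": rec["srcip"],
        "dstaddr": rec["dstip"],
        "service": f'{proto}/{rec["dstport"]}',
    }


def service_hint(rec: Dict[str, str]) -> str:
    """Flag the trap visible in the question's entry: UDP to port 443 is not matched
    by a service object that only allows TCP/443 (the predefined HTTPS service)."""
    if rec.get("proto") == "17" and rec.get("dstport") == "443":
        return "UDP/443: a service object allowing only TCP/443 (HTTPS) will not match this flow"
    return ""


def debug_flow_commands(rec: Dict[str, str]) -> List[str]:
    """FortiOS CLI filter for a debug flow scoped to this session (assumed 7.x syntax).
    Run 'diagnose debug disable' and 'diagnose debug flow filter clear' afterwards."""
    return [
        f'diagnose debug flow filter addr {rec["dstip"]}',
        f'diagnose debug flow filter port {rec["dstport"]}',
        f'diagnose debug flow filter proto {rec["proto"]}',
        "diagnose debug flow show function-name enable",
        "diagnose debug flow trace start 10",
        "diagnose debug enable",
    ]


def implicit_denies(lines: List[str]) -> List[Dict[str, str]]:
    """Parse a batch of log lines and keep only the implicit-deny records."""
    return [rec for rec in map(parse_fortigate_line, lines) if is_implicit_deny(rec)]


if __name__ == "__main__":
    for rec in implicit_denies(SAMPLE_LOG):
        print("implicit deny:", policy_requirements(rec))
        if service_hint(rec):
            print("  hint:", service_hint(rec))
        print("  debug flow:")
        for cmd in debug_flow_commands(rec):
            print("   ", cmd)
```

Feed it the deny entries exported from the FortiGate log viewer (or a syslog collector) and compare each printed requirement set against the interface pair, address objects and service of the policy that was meant to allow the traffic; the debug flow then shows which of those the policy lookup actually failed on.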
Hello,
Ok, I thought so.
I created a support ticket.
Wojtek
Can you show us the policy that you have defined that should match internal->WAN traffic?
Graham
