Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
wotik
New Contributor III

Created on ‎02-16-2023 05:57 AM

Blocking connection by Implicit Deny

Hello

 

Probably a stupid question, but can anyone tell me why this connection is being blocked by the Implict Deny firewall rule? In the firewall rules, I have created allowing rules for DNS, HTTPS and some traffic goes through, and some like the one below to Google does not...

 

date="2023-02-16" time="14:42:13" id=7200748607182471170 bid=4486763 dvid=1043 itime=1676554933 euid=3 epid=1030 dsteuid=3 dstepid=101 logflag=103 logver=702041396 type= "traffic" subtype="forward" level="notice" action="deny" policyid=0 sessionid=898077 srcip="192.168.X.ABC" dstip="142.250.203.193" srcport=54554 dstport=443 trandisp="noop " duration=0 proto=17 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 logid="0000000013" srcname="TEST1" service="Google-Web" app="Google-Web" appcat="unscanned" srcintfrole= "lan" dsstintfrole="wan" srcserver=0 policytype="policy" eventtime=1676554933387308699 crscore=30 craction=131072 crlevel="high" srcmac="AAAAAA" mastersrcmac="AAAAAA" srchwvendor="HP" srcswversion="10" osname="Windows" srccountry="Reserved" dstcountry="Poland" srcintf="internal" dstintf="wan2" dstinetsvc="Google-Web" dstowner="google.com" threatwgts="{30}" threatcnts="{ 1}" threatlvls="{3}" threats="{blocked-connection}" threattyps="{blocked-connection}" tz="+0100" dstregion="Masovian" dst city="Warsaw" dstreputation=4 devid="FGTXXXXXXXX" vd="root" devname="XXXXX"

Best Regards,
Wojtek
Labels:
529
0 Kudos
3 REPLIES 3
lol
Staff
Staff

Created on ‎02-16-2023 07:03 AM

Hello,

 

The packet does not match any existing firewall policy and therefore matches the implicit deny rule action="deny" policyid=0.

Likely your existing firewall rules are not matching for the src/dst and ports seen in the log entry.

 

 

It is very unlikely this issue could be resolved through the forums without knowing your policy framework.

It's recommended to open a support ticket with technical support to have this further investigated so you can share your config for review.

 

The first steps here would be to collect a debug flow and check the config file.

 

Regards,

526
0 Kudos
wotik
New Contributor III
In response to lol

Created on ‎02-17-2023 12:30 AM

Hello,

Ok, I thought so.

I created a support ticket ..

Best Regards,
Wojtek
408
0 Kudos
gfleming
Staff
Staff

Created on ‎02-16-2023 09:12 AM

Can you show us the policy that you have defined that should match internal->WAN traffic ?

Cheers,
Graham
509
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.