Fortinet Community

Report Inappropriate Content · ‎10-26-2004

I am using V2.8 MR5 of Fortigate-400. I would like to log all the traffic hitting anything visible (routable) behind the firewall. Is there a way to enable the default " deny all" rule for the inbound traffic ? I' ve tried to give an explicit " deny all" rule (0.0.0.0/0.0.0.0 -> 0.0.0.0/0.0.0.0 ANY DENY) but it does not block or log anything. A fortinet engineer says because the rules on virtual IP address get matched first and therefore the explicit DENY ALL rule is bypassed. This sounds pretty unlogical to me. Any idea about this ? How can I make this work ? Thanks BB

mgoswami · ‎05-12-2023

Hi,

You might try to configure local in policy for inbound traffic.

Please refer to this link:
https://docs.fortinet.com/document/fortigate/6.2.14/cookbook/363127/local-in-policies

BR,

Manosh

ede_pfau · ‎05-14-2023

Jeez, did anybody notice that this thread was started 19 years ago? Go Fortinet!

But, alas, this situation might still arise today, with FortiOS 6.x/7.x. You can find an explanation and a workaround in the KB using the keyword "match-vip". Will only be applicable in DENY policies from FOS 7.0 on.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-does-not-block-incoming-WAN-to-LA...

and a post from this forum

https://community.fortinet.com/t5/Support-Forum/Match-vip-clarification-for-deny-rules/td-p/95228

Ede

"Kernel panic: Aiee, killing interrupt handler!"

Fortinet Community

Explicit DENY ALL for inbound does not work