Firewall Policies created not working
I did a simple exercise where I connected the two PCs to the physical FortiGate (to port1 and port2). Then I created a rule where I set the incoming traffic to port1 and outgoing traffic to port2 (with all other parameters set to 'all'). I also created another rule to permit the reverse traffic. However, all traffic is being denied due to the implicit deny rule. Does anyone have a suggestion regarding this configuration? I can ping the FortiGate from the PCs. The FortiGate is not registered yet (I did the same configuration in VMware Workstation with the FortiGate running on a VM, and it worked).
Labels: FortiGate
In the traffic logs, double click on a deny log entry and post a screenshot.
Also please post a screenshot of the related firewall rule.
Dear @Giovanna,
Please run the debug command to check the traffic flow and the firewall policy that is matching:

```
# diagnose debug disable
# diagnose debug flow filter addr <Source_IP> <Destination_IP> and
# diagnose debug flow show function-name enable
# diag debug flow show iprope enable
# diagnose debug console timestamp enable
# diagnose debug flow trace start 1000
# diagnose debug enable
```
Best regards,
Erlin
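The trace those commands produce is verbose, so as an added example (not from this thread or from Fortinet) here is a small Python summarizer that groups the trace lines by trace_id and pulls out the ingress and egress interface, the verdict and the policy that produced it, flagging policy 0 as the implicit deny the original post describes. The sample trace lines are constructed; their layout follows typical FortiOS `diagnose debug flow` output and is an assumption to check against what your own unit prints.

```python
import re

# Constructed sample of FortiOS `diagnose debug flow` output (not captured
# from the poster's unit; the line layout follows typical FortiOS traces and
# should be checked against what your firewall actually prints).
SAMPLE_TRACE = """\
id=20085 trace_id=1 func=print_pkt_detail line=5797 msg="vd-root:0 received a packet(proto=1, 192.0.2.10:1->198.51.100.20:2048) from port1. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5962 msg="allocate a new session-00000f3a"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-198.51.100.20 via port2"
id=20085 trace_id=1 func=fw_forward_handler line=779 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=2 func=print_pkt_detail line=5797 msg="vd-root:0 received a packet(proto=1, 192.0.2.10:1->198.51.100.20:2048) from port1. type=8, code=0, id=1, seq=2."
id=20085 trace_id=2 func=init_ip_session_common line=5962 msg="allocate a new session-00000f3b"
id=20085 trace_id=2 func=vf_ip_route_input_common line=2598 msg="find a route: flag=04000000 gw-198.51.100.20 via port2"
id=20085 trace_id=2 func=fw_forward_handler line=779 msg="Allowed by Policy-1: SNAT"
"""

LINE_RE = re.compile(r'trace_id=(\d+)\s+func=(\w+)\s+line=\d+\s+msg="(.*)"$')
PKT_RE = re.compile(r'proto=(\d+),\s*([\d.]+):\d+->([\d.]+):\d+\)\s+from\s+(\S+)\.')
ROUTE_RE = re.compile(r'\bvia\s+(\S+)')
ALLOW_RE = re.compile(r'Allowed by Policy-(\d+)')
DENY_RE = re.compile(r'[Dd]enied by forward policy check \(policy (\d+)\)')


def summarize_flow(trace_text: str) -> dict:
    """Group trace lines by trace_id and extract what a policy troubleshooter
    needs: ingress/egress interface, addresses, verdict and the policy that
    produced it (policy 0 means no configured policy matched: implicit deny)."""
    traces = {}
    for raw in trace_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # not a flow line (timestamp-only or blank line)
        tid, func, msg = int(m.group(1)), m.group(2), m.group(3)
        t = traces.setdefault(tid, {"verdict": None, "policy": None, "implicit_deny": False})
        if func == "print_pkt_detail":
            p = PKT_RE.search(msg)
            if p:
                t.update(proto=int(p.group(1)), src=p.group(2), dst=p.group(3), in_if=p.group(4))
        elif func == "vf_ip_route_input_common":
            r = ROUTE_RE.search(msg)
            if r:
                t["out_if"] = r.group(1)  # egress interface the route lookup chose
        elif func == "fw_forward_handler":
            a, d = ALLOW_RE.search(msg), DENY_RE.search(msg)
            if a:
                t.update(verdict="allow", policy=int(a.group(1)))
            elif d:
                pol = int(d.group(1))
                t.update(verdict="deny", policy=pol, implicit_deny=(pol == 0))
    return traces
```

If every trace shows in_if/out_if as you expect but the verdict is a policy 0 deny, the packet is reaching the policy check and simply not matching any configured rule, which is where to compare the rule's interfaces, addresses and services against the parsed fields.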
Sorry, I'll post the screenshots when I'm a little more awake. LAN1 and the VLAN are on one L2 managed switch, then the LAN2 interface is on a completely separate set of cables running into an unmanaged hub before being fed into a separate NIC port from the other network.
