Recently I've updated my FortiGate 600E to 7.0.12, and I have a FortiAnalyzer 400E with v7.2.3. I've observed that I have a lot of Firewall "Allow action" matching policy 0. The traffic is not passing (there are no received packets), but it's confusing for me when I study the logs. I've read the release notes and I haven't found a bug talking about this.
Why do I see an Accept action when the policy ID is 0? Thanks
Thanks for your replies. It's not local traffic. It's normal traffic from computers, for example, that does not match any firewall policy and finally matches policy 0. In some cases I can see the deny action and in others not... I attach an image. I can see this example in "logs" forward traffic (not in local traffic).
I'm quite confident the "problem" is not a "real problem", but you see it as such because there is no good explanation provided (yet) for this behaviour. And you will probably not receive a good explanation online without sharing your config and complete logs. I would advise you to open a case with TAC (providing config and full logs) to provide you with a good explanation.
- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -