Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
PampuTV
New Contributor II

Created on ‎07-01-2022 12:24 AM

FortiGate Debug ret-no-match

Hi Community,

 

can someone explain the meaning of "ret-no-match" in a debug flow on a FGT?
As an example debug line see the following:
"2022-07-01 09:04:45 id=20085 trace_id=32985 func=__iprope_check_one_policy line=1951 msg="checked gnum-4e20 policy-6, ret-no-match, act-accept""

 

I understand the line itself but not the meaning of "ret-no-match".

 

Thanks a lot.

 

Kind regards
Dominik

Labels:
12673
0 Kudos
1 Solution
PampuTV
New Contributor II
In response to kcheng

Created on ‎07-01-2022 12:56 AM

Hi @kcheng

 

Thanks for the fast reply!
But how can the action be "act-accept" if the match is "ret-no-match"?

Kind regards
Dominik

View solution in original post

12667
0 Kudos
6 REPLIES 6
kcheng
Staff
Staff

Created on ‎07-01-2022 12:55 AM

Hi @PampuTV 

 

The respective means that based on the firewall policy check, the traffic has no match on policy 6. So the check result return no match (ret-no-match).

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
12668
PampuTV
New Contributor II
In response to kcheng

Created on ‎07-01-2022 12:56 AM

Hi @kcheng

 

Thanks for the fast reply!
But how can the action be "act-accept" if the match is "ret-no-match"?

Kind regards
Dominik

12668
0 Kudos
kcheng
Staff
Staff
In response to PampuTV

Created on ‎07-01-2022 01:04 AM

Hi @PampuTV 

 

The action is referencing the action set on the firewall policy, but not the action taken after the traffic is being evaluated against policy 6. Policy 6 is permitting traffic if it matches the policy. based on the debug flow filter, your traffic does not match firewall policy 6, so it will continue to get evaluatedd by the next policy.

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
12665
PampuTV
New Contributor II
In response to kcheng

Created on ‎07-01-2022 01:08 AM

Hi @kcheng 

 

understood that, thanks.

Can you maybe tell if "policy 6" is based on a firewall policy or a firewall security-policy? Talking about NGFW mode exclusively.

 

Kind regards
Dominik

12663
0 Kudos
kcheng
Staff
Staff
In response to PampuTV

Created on ‎07-01-2022 02:25 AM

Hi @PampuTV 

 

The debug flow would show policy on native policy only. That means it is under firewall policy. There is another command to debug on security policy. You may refer to the KB below:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-check-NGFW-policy-matching/ta-p/192...

Cheers,
Kayzie Cheng

If you have found a solution, please like and accept it to make it easily accessible for others.
12655
PampuTV
New Contributor II
In response to kcheng

Created on ‎07-01-2022 03:09 AM

Hi @kcheng 

 

thanks a lot!

Kind regards
Dominik

12653
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.