Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
tomeks
New Contributor II

Fortigate asymmetric routing

Where in Fortigate can I observe that the connection has been blocked due to asymmetric routing? I can't see log entries.

11 REPLIES 11
Markus_M
Staff
Staff

If there is return traffic coming from some source, it will be dropped. As mentioned earlier, it will not match an existing session as it actually seems to match one, but the ingress interface is not matching. Forward traffic log for that policy should contain that log. Be aware that your policy logging setting must be set to "log all", UTM will not log the traffic.

tomeks
New Contributor II

I have full log enabled.
There is no information in diagnose debug that it assigned a link to a policy (even though such a policy exists). Probably logs nothing for this.

 

id=20085 trace_id=21 func=print_pkt_detail line=5783 msg="vd-root:0 received a packet(proto=1, 192.168.129.10:1->192.168.133.10:2048) from vlan1. type=8, code=0, id=1, seq=10215."
id=20085 trace_id=21 func=init_ip_session_common line=5955 msg="allocate a new session-005c2ba9"
id=20085 trace_id=21 func=ip_route_input_slow line=2266 msg="reverse path check fail, drop"
id=20085 trace_id=21 func=ip_session_handle_no_dst line=6041 msg="trace"

Labels
Top Kudoed Authors