Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Umesh
Contributor

Fortigate meassage || IPv4 policy lookup ||

Hi All,

 

Can anyone explain what the meaning of below message in policy lookup.

 

Policy lookup matches the implicit deny policy. No explicit policy exists from source interface "switch_port5" to destination interface "port1" as determined by a route lookup to "142.250.67.174"

 

thanks

3 REPLIES 3
adambomb1219
Contributor III

There is no policy configured that matched this traffic.

Umesh

Hi,

 

Can you explain what the  implicit deny policy and explicit policy is.

srajeswaran

Hi @Umesh 

Implicit deny policy is the "default policy" configured on the system by default. You cannot edit/modify this. This policy will drop the traffic that is not matching any other policies configured by you/firewall-admin.

 

All the firewall policies that are configured by you/firewall-admin called the explicit policy and they are placed above the implicit deny policy. Policy match happens from top to bottom in other words the explicit policies are checked first and if there are no match traffic will hit the implicit deny policy on the bottom.


I hope this helps.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

Top Kudoed Authors