Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Dee70
New Contributor

Fortigate

How to check if the firewall policy i configured is working properly?

4 REPLIES 4
FortiNitish
Staff
Staff

You can use the policy lookup option to check if the traffic is matching any of the policies.

 

You can check the attached document for reference

https://docs.fortinet.com/document/fortigate/6.2.14/cookbook/497952/policy-views-and-policy-lookup

srajeswaran
Staff
Staff

You can use the count option, it must increase if the traffic is hittting the policy.

 

https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/525166/verifying-the-correct...

More options can be found in below discussion.

https://community.fortinet.com/t5/Support-Forum/Verifying-Firewall-Policies/m-p/34171

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
Shilpa1
Staff
Staff

To check if a firewall policy configured on a FortiGate firewall is working properly, you can follow these steps:

  1. Check policy status: In the FortiGate web interface, navigate to "Policy & Objects" and then "IPv4 Policy" (or "IPv6 Policy" if applicable) to view the list of firewall policies. Look for the specific policy you want to check and ensure that its status is set to "Enabled."

  2. Verify policy order: The order of firewall policies is crucial as they are evaluated from top to bottom. Ensure that the policy you want to test is placed correctly in the policy list, so it's evaluated before any other policies that could potentially block or allow the traffic.

  3. Policy lookup: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Firewall-policy-lookups/ta-p/192912
  4. Test traffic flow: Generate test traffic that should match the configured policy and monitor its behavior. For example, if you have a policy to allow HTTP traffic from a specific source IP to a specific destination IP, attempt to access a web page from the allowed source IP and observe if the traffic is allowed through.

  5. Check logs and traffic logs: Review the FortiGate logs to see if any events related to the policy are being logged. The logs can provide valuable information about the traffic flow, including if the policy is being matched and any actions taken (allow, deny, etc.). You can access logs under the "Log & Report" section of the web interface.

  6. Monitor traffic counters: Within the firewall policy settings, you can check the traffic counters to see if any traffic is hitting the policy. The counters will show how many packets and bytes have been matched by the policy. This can help you determine if traffic is being evaluated by the policy.

  7. fortigate debug filter: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Using-filters-to-review-traffic-traversing...


    - Have you found a solution? Then give your helper a "Like" and mark the solution.
    regards,

    Shilpa C P



pavankr5
Staff
Staff

If the policy allows ICMP traffic, you can initiate a ping test from a device in the source network to the destination IP address or network associated with the policy. If the ping is successful, it indicates that the policy is allowing the traffic. In the FortiGate web interface, navigate to the "Log & Report" section or the log viewer. Look for traffic logs related to the specific source IP address, destination IP address, and service/port specified in the firewall policy. The logs will indicate whether the traffic was allowed or denied by the policy.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors