How to check if the firewall policy i configured is working properly?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can use the policy lookup option to check if the traffic is matching any of the policies.
You can check the attached document for reference
https://docs.fortinet.com/document/fortigate/6.2.14/cookbook/497952/policy-views-and-policy-lookup
You can use the count option, it must increase if the traffic is hittting the policy.
https://docs.fortinet.com/document/fortigate/7.4.0/administration-guide/525166/verifying-the-correct...
More options can be found in below discussion.
https://community.fortinet.com/t5/Support-Forum/Verifying-Firewall-Policies/m-p/34171
To check if a firewall policy configured on a FortiGate firewall is working properly, you can follow these steps:
Check policy status: In the FortiGate web interface, navigate to "Policy & Objects" and then "IPv4 Policy" (or "IPv6 Policy" if applicable) to view the list of firewall policies. Look for the specific policy you want to check and ensure that its status is set to "Enabled."
Verify policy order: The order of firewall policies is crucial as they are evaluated from top to bottom. Ensure that the policy you want to test is placed correctly in the policy list, so it's evaluated before any other policies that could potentially block or allow the traffic.
Test traffic flow: Generate test traffic that should match the configured policy and monitor its behavior. For example, if you have a policy to allow HTTP traffic from a specific source IP to a specific destination IP, attempt to access a web page from the allowed source IP and observe if the traffic is allowed through.
Check logs and traffic logs: Review the FortiGate logs to see if any events related to the policy are being logged. The logs can provide valuable information about the traffic flow, including if the policy is being matched and any actions taken (allow, deny, etc.). You can access logs under the "Log & Report" section of the web interface.
Monitor traffic counters: Within the firewall policy settings, you can check the traffic counters to see if any traffic is hitting the policy. The counters will show how many packets and bytes have been matched by the policy. This can help you determine if traffic is being evaluated by the policy.
If the policy allows ICMP traffic, you can initiate a ping test from a device in the source network to the destination IP address or network associated with the policy. If the ping is successful, it indicates that the policy is allowing the traffic. In the FortiGate web interface, navigate to the "Log & Report" section or the log viewer. Look for traffic logs related to the specific source IP address, destination IP address, and service/port specified in the firewall policy. The logs will indicate whether the traffic was allowed or denied by the policy.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1643 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.