Hi,
I have a Fortigate 3200D running 6.4.11. When I do a Policy Lookup in the 'Firewall Policy' section of the GUI, if I have 'normal' subnet groups in the source and destination (and no FSSO groups), the Policy Lookup will highlight the precise policy in the GUI that allows the traffic, as expected, or give a message that no suitable policy was found. However, if in addition to the 'normal' subnet groups in the Firewall Policy there is also a Group Type of FSSO Single Sign-On (in the source or destination), no policy is ever returned by Policy Lookup. This happens if I am using a source/destination IP from within the range of the 'normal' subnet groups within the Firewall Policy. Is this expected behaviour?
Note there is no equivalent PBR in place which could interfere with the traffic.
The only difference I can see between policies that work and those that don't, is the addition of FSSO groups. Also I am not referring to Firewall Policies that only have FSSO groups in either the source or destination, but Firewall Policies that have both 'normal' subnet groups AND FSSO type groups.
Has anyone seen this before?
Thanks
Mark
Hello Mark,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hi Anthony,
It would be good if someone with a version 7.x Fortigate could test a 'Policy Lookup' with/without FSSO groups. Can anyone do that?
Regards
Mark
Hi Mark,
I will share your post to a FortiGate expert and we will come back to you ASAP.
Regards,
Hi Mark,
Our engineers will proceed with the test and will come back to you.
Regards,
Hi Mark,
It should be expected behavior; firewall policy lookup does not show the matched policy if the policy has an authentication group on it.