Hello,
I have some traffic hitting Implicit Deny, even tho the Allow Policy seems to be correct:
Logs:
Rule:
Found this: Traffic dropped by 'implicit deny pol... - Fortinet Community, but everything shown is ok here.
This might be relevant: I recently changed my FortiGate from standalone to Fabric Root.
Could you please help diagnose this? Thanks in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
Try check in quarantine monitor if the spurce IP addresses are not quarantined.
Also check in the above log if the outgoing interface is the right one in the policy.
Hi @AEK!
No quarantined IP or devices.
In the logs the outgoing interface is the right one.
One thing I noticed is the blocks happen only with my WLANs.
Created a new Policy "TEMP_TEST", added it on the top with one of them:
Logs:
PS: This WLAN has a captive portal and is from a FortiAP. Users just need to accept the terms to login in.
I don't have a clue :grinning_face_with_sweat:
Any ideas how to further look into it?
Hi NoneEng
So can you disable the active portal and try again?
Hi,
Please share the debug logs:-
diagnose debug reset
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug flow filter addr X.X.X.X -------->>x.x.x.x is your destination IP
diagnose debug flow show function-name enable
diagnose debug console timestamp enable
diagnose debug flow trace start 1000
diagnose debug enable
Note:- Run this to stop the debug
diagnose debug disable
Hello @NoneEng
Can you check if there is appropriate SD WAN rule enabled for this?
It is most likely a routing issue, the debug flow mentioned earlier will give more information about what is happening.
One other thing you could try as a troubleshooting step is to create policy route for this traffic specifically:
Regards,
Varun
Hello, you can verify below settings:
-correct source
-service(ports) are allowed
-correct interface
- there is no deny policy at top of allow policy
also make sure in policy schedule portion it has correct values
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.