Hello all.

Need a help with configuration local-in-policy to blocking IPsec from not known sources.

I created policy like this:

config firewall local-in-policy
edit 1
set intf "wan1"
set srcaddr "s2s_name"
set dstaddr "all"
set action accept
set service "IKE" "ESP"
set schedule "always"
set status enable
next
edit 2
set intf "wan1"
set srcaddr "all"
set dstaddr "all"
set action deny
set service "IKE" "ESP"
set schedule "always"
set status enable
next
end

But still continue to get a lot alerts like this:

date=2023-08-28 time=04:56:59 devname=FortiGate devid=FG200EXXXXXXXXX eventtime=1693187818206746689 tz="+0300" logid="0101037131" type="event" subtype="vpn" level="error" vd="root" logdesc="IPsec ESP" msg="IPsec ESP" action="error" remip=80.82.XX.XXX locip="185.MY IP ADD" remport=4500 locport=500 outintf="wan1" cookies="N/A" user="N/A" group="N/A" useralt="N/A" xauthuser="N/A" xauthgroup="N/A" assignip=N/A vpntunnel="N/A" status="esp_error" error_num="Received ESP packet with unknown SPI." spi="30303030" seq="30303030"

Thanks!

Aleksei