I have a home lab environment, and I have created a VIP for my Citrix Lab with NetScaler frontend. Regardless of what I try traffic to the VIP is being dropped based on debug view, but I don't see any traffic in the logs. This used to work with another service but that stopped working as well.
Fortigate-70F
Firmware: 7.6.1
Debug Trace
2025/06/12 09:31:54,"vd-root:0 received a packet(proto=6, X.X.X.X:30212->X.X.24.153:8445) tun_id=0.0.0.0 from wan1. flag [S], seq 3633665461, ack 0, win 65535"
2025/06/12 09:31:54,allocate a new session-0005eb2b
2025/06/12 09:31:54,"in-[wan1], out-[]"
2025/06/12 09:31:54,len=1
2025/06/12 09:31:54,checking gnum-100000 policy-1061
2025/06/12 09:31:54,"result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025/06/12 09:31:54,find a route: flag=80000000 gw-X.X.24.153 via root
2025/06/12 09:31:54,"in-[wan1], out-[], skb_flags-02000000, vid-0"
2025/06/12 09:31:54,"gnum-100017, check-ffffffbffc02ca54"
2025/06/12 09:31:54,"after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025/06/12 09:31:54,"in-[wan1], out-[], skb_flags-02000000, vid-0"
2025/06/12 09:31:54,"gnum-100011, check-ffffffbffc02db70"
2025/06/12 09:31:54,"after check: ret-no-match, act-drop, flag-00000000, flag2-00000000"
2025/06/12 09:31:54,"gnum-100001, check-ffffffbffc02ca54"
2025/06/12 09:31:54,"checked gnum-100001 policy-1, ret-no-match, act-accept"
2025/06/12 09:31:54,"gnum-100001 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025/06/12 09:31:54,"after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025/06/12 09:31:54,"gnum-10000e, check-ffffffbffc02ca54"
2025/06/12 09:31:54,"checked gnum-10000e policy-4294967295, ret-no-match, act-accept"
1 Solution
