Hi,
We have several Fortigates, all running v5.4.5, that are showing the following problem.
In the Traffic log we see intermittent Policy Violations with Deny as the Firewall Action. The Destination Interface is listed as Unknown-0 and the Message is "no session matched".
Yet, in this same log, there are entries with the exact same Source / Destination IPs and Service as above but show Accepted with the proper destination interface.
The traffic happens to be firewall management https traffic to the loopback.0 interface, if that makes a difference.
Does anyone have an idea what's going on here?
Thanks for your time.
Larry
provide a snippet of the log message.
(Qs)
With destination not being know is that learned thru a dynamic routing protocol?
Did you have flapping or instability in the network going on?
Ken
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.