LarW63
New Contributor III

Intermittent Policy Deny with Destination Interface Unknown

Hi,

We have several FortiGates, all running v5.4.5, that are showing the following problem.

In the Traffic log we see intermittent Policy Violations with Deny as the Firewall Action. The Destination Interface is listed as Unknown-0 and the Message is "no session matched".

Yet, in this same log, there are entries with the exact same Source / Destination IPs and Service as above but show Accepted with the proper destination interface.

The traffic happens to be firewall management HTTPS traffic to the loopback.0 interface, if that makes a difference.

Does anyone have an idea what's going on here?

Thanks for your time.

Larry

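A small triage script for the symptom described in the post above. This is an added example, not code from the thread or from Fortinet: it parses FortiGate-style key=value traffic log lines, groups them by flow, and reports only the flows that show both an accept and a deny with msg="no session matched", so the two kinds of entries for the same source / destination / service can be compared side by side (destination interface on each, counts). The field names follow FortiGate's traffic log format, but the log lines below are constructed to mirror the reported behaviour and are not Larry's FortiManager export; the flow filter (srcip, dstip, dstport, proto) is an assumption about what "same Source / Destination IPs and Service" means in practice.

```python
"""Find flows that are sometimes accepted and sometimes denied with
msg="no session matched" (dstintf unknown-0) in FortiGate traffic logs.

Added example for the forum thread; sample lines are constructed, not taken
from the poster's FortiManager LogView attachment.
"""
import re
from collections import defaultdict

# key=value pairs; values are either "quoted" or a bare token.
KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')

# Constructed sample: accepts and "no session matched" denies for the same
# management flow (10.1.1.25 -> loopback 10.255.0.1:443), plus an unrelated
# ordinary policy deny and accept that should NOT be flagged.
SAMPLE_LOGS = """\
date=2017-09-01 time=10:00:01 type="traffic" subtype="forward" srcip=10.1.1.25 srcport=51022 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="loopback.0" proto=6 action="accept" policyid=12 service="HTTPS"
date=2017-09-01 time=10:00:04 type="traffic" subtype="forward" srcip=10.1.1.25 srcport=51023 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="unknown-0" proto=6 action="deny" policyid=0 service="HTTPS" msg="no session matched"
date=2017-09-01 time=10:00:09 type="traffic" subtype="forward" srcip=10.1.1.25 srcport=51024 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="loopback.0" proto=6 action="accept" policyid=12 service="HTTPS"
date=2017-09-01 time=10:00:15 type="traffic" subtype="forward" srcip=10.1.1.25 srcport=51025 srcintf="port1" dstip=10.255.0.1 dstport=443 dstintf="unknown-0" proto=6 action="deny" policyid=0 service="HTTPS" msg="no session matched"
date=2017-09-01 time=10:00:20 type="traffic" subtype="forward" srcip=10.1.1.40 srcport=40001 srcintf="port1" dstip=192.0.2.9 dstport=23 dstintf="port2" proto=6 action="deny" policyid=0 service="TELNET"
date=2017-09-01 time=10:00:22 type="traffic" subtype="forward" srcip=10.1.1.40 srcport=40002 srcintf="port1" dstip=192.0.2.9 dstport=443 dstintf="port2" proto=6 action="accept" policyid=7 service="HTTPS"
"""


def parse_line(line):
    """Turn one key=value log line into a dict, with quoted values unquoted."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.group(1), m.group(3), m.group(4)
        fields[key] = quoted if quoted is not None else bare
    return fields


def find_flapping_flows(log_text):
    """Group lines by (srcip, dstip, dstport, proto) and keep only flows that
    show BOTH an accept and a 'no session matched' deny.

    Returns {flow_tuple: {"accepts": n, "no_session_denies": n,
                          "accept_dstintf": set, "deny_dstintf": set}}.
    Plain policy denies (no such msg) are ignored on purpose: they are not the
    intermittent symptom we are hunting.
    """
    stats = defaultdict(lambda: {"accepts": 0, "no_session_denies": 0,
                                 "accept_dstintf": set(), "deny_dstintf": set()})
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        f = parse_line(raw)
        key = (f.get("srcip"), f.get("dstip"), f.get("dstport"), f.get("proto"))
        action = f.get("action")
        if action == "accept":
            stats[key]["accepts"] += 1
            stats[key]["accept_dstintf"].add(f.get("dstintf"))
        elif action == "deny" and f.get("msg") == "no session matched":
            stats[key]["no_session_denies"] += 1
            stats[key]["deny_dstintf"].add(f.get("dstintf"))
    return {k: v for k, v in stats.items()
            if v["accepts"] and v["no_session_denies"]}


if __name__ == "__main__":
    for (src, dst, port, proto), s in find_flapping_flows(SAMPLE_LOGS).items():
        print(f"{src} -> {dst}:{port}/{proto}: {s['accepts']} accept(s) via "
              f"{sorted(s['accept_dstintf'])}, {s['no_session_denies']} "
              f"'no session matched' deny(s) via {sorted(s['deny_dstintf'])}")
```

Pipe a raw log export into `find_flapping_flows` in place of `SAMPLE_LOGS`; a flow that appears in the result with `deny_dstintf == {"unknown-0"}` and a normal interface in `accept_dstintf` is exactly the pattern described in the post and is the set of entries worth lining up by timestamp before going further.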
emnoc
Esteemed Contributor III

Provide a snippet of the log message.

(Qs)

With the destination not being known, is that learned through a dynamic routing protocol?

Did you have flapping or instability in the network going on?

Ken

PCNSE NSE StrongSwan
LarW63
New Contributor III

Hi,

Attached is a log snippet from LogView in FortiManager.

The loopback IP is indeed advertised through OSPF, however no state changes or flapping occurred. These Policy Violations occur fairly regularly in the log, in between Accepts.

Thanks,

Larry