Hi, I have a FortiGate 60E on firmware 7.4.1. I have a public subnet that very often tries to connect via IPsec VPN to the firewall. I therefore created a local-in-policy to deny the connection to this subnet, but I continue to see the logs and I also receive emails from an automation that notifies me of unsuccessful VPN connections. Shouldn't the local-in-policy block the source connection so it doesn't even create the log? The firewall navigates with a public IP directly on its WAN.
config firewall address
    edit "Attempt_ipsec_22.214.171.124"
        set uuid 006d9cf8-500d-51ee-cdb6-363058ded725
        set subnet 18.104.22.168 255.0.0.0
    next
end
config firewall local-in-policy
    edit <policy-id>
        set uuid d69d2fdc-500d-51ee-9cb8-ff27447660f2
        set intf "WAN-Fibra"
        set srcaddr "Attempt_ipsec_22.214.171.124"
        set dstaddr "all"
        set service "IKE" "ALL_ICMP" "VPN_SSL_9443"
        set schedule "always"
    next
end