Hello, can anyone tell me what msg="Allowed by Policy-1:" means in the output of diagnose debug flow filter saddr?
It means the packet that arrived at your FGT is allowed to go out by firewall policy ID 1. Depending on your FortiOS version, the GUI might not show the ID by default and show only the sequence. You might need to add ID to the table view. In the CLI it always shows up under "config firewall policy".
Thanks, "id" was disabled, but in the CLI under firewall policy I did not think that "edit 1" corresponds to policy-1.
What is the difference between id and seq. # in the table?
Hi,
When a policy is created, a unique ID is assigned, and the policy can be tracked by using this ID no. The sequence no. is mainly used in the GUI to track the policy. But in the CLI only the policy ID is used, and even in the logs.
Regds,
Ashik
They even dropped showing the sequence numbers in the GUI from, I think, 5.6. Only IDs are in Firewall->IPv4 Policy.
opifex wrote: Thanks, "id" was disabled, but in the CLI under firewall policy I did not think that "edit 1" corresponds to policy-1.
What is the difference between id and seq. # in the table?
Policy ID -> A unique identifier assigned to a policy (firewall or an Explicit proxy). Does not change, unless the policy is deleted. For example: Policy ID 0 is the default Deny policy. Please be aware that it is possible to have a Firewall policy with ID 1 and an Explicit proxy policy with ID 1, as they are of different types.
Seq Number -> A number assigned to a policy depending upon its position in the Policy Table. The FGT will match the traffic to a policy from top to bottom. This means from Seq No 1 to Seq No N. Seq 1 is the top. The Seq number will help you to plan how you position your policies. Generally the policy that catches the maximum traffic is moved to the top (lower Seq No.).
The Seq No. will change automatically if you change the position of a policy in the policy table. For example: dragging a policy in the GUI.
Hope it helps,
Prab
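The ID/sequence distinction discussed in this thread, as an added example that is not part of any post above and is not Fortinet code: it reads a "config firewall policy" block, derives each policy's sequence number from its position, and resolves the policy named in debug flow messages to that position. The sample configuration, policy names and flow lines are constructed, and it assumes the order of "edit" entries in the configuration is the policy table order.

```python
import re

# Constructed sample: "edit <ID>" entries listed in policy-table order (assumption).
SAMPLE_CONFIG = """\
config firewall policy
    edit 7
        set name "block-guest"
    next
    edit 1
        set name "lan-to-wan"
    next
    edit 3
        set name "dmz-out"
    next
end
"""

# Constructed debug flow fragments, using the msg format quoted in the question.
SAMPLE_FLOW = ['msg="Allowed by Policy-1:"', 'msg="Allowed by Policy-9:"']

FLOW_RE = re.compile(r'msg="Allowed by Policy-(\d+):')

def policy_order(config_text):
    """Return {policy_id: seq}; seq is the 1-based position in the table."""
    order, depth, in_policy = {}, 0, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                in_policy = (line == "config firewall policy")
        elif line == "end":
            depth -= 1
        elif in_policy and depth == 1:  # ignore "edit" inside nested blocks
            m = re.fullmatch(r"edit (\d+)", line)
            if m:
                order[int(m.group(1))] = len(order) + 1
    return order

def resolve(flow_lines, order):
    """Return (policy_id, seq) per allowed flow; seq is None when the ID is
    not in the firewall policy table (e.g. a policy of a different type)."""
    hits = (FLOW_RE.search(line) for line in flow_lines)
    return [(int(m.group(1)), order.get(int(m.group(1)))) for m in hits if m]

if __name__ == "__main__":
    for pid, seq in resolve(SAMPLE_FLOW, policy_order(SAMPLE_CONFIG)):
        print(f"policy ID {pid}: seq {seq}")
```
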