Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Policies no longer accepting traffic

Issue here is that all of our filter policies are no longer accepting traffic. The log shows traffic but it's not hitting any of our policies. I've check to make sure it's pulling users and groups from our DC. Policies haven't changed (that I can see) I can't tell when this started. I have reloaded configs from previous dates. I'm at a loss here. Any help is appreciated. I know my input is a little vague. I can provide more if anyone has any clue on how to help. Thanks :-) EDIT: Disregard. I have figured out the order had gotten messed with. Overlooked it.

New Contributor

Hello Cory, At this time FGT are lowering traffic? At least the last rule, cleanup, have to match!


If it is a critical situation try reboot FGT,If it is a clsuter, try to reboot backup node and after reboot try to switch clsuter member.


For test, try to clone a rule and remove the users from source.

In this way you can see if it's a "user recognisation" issue.

If this rule match Try to verify the status of FSSO agent. If it is not match verify the performance of FGT, if it is in idle or if is 100% load.

Esteemed Contributor III

The cli  cmd diag debug flow and a filter or two will always reflect what policy is being hit and the action. It should ALWAYS  be the 1st stepping diagnostics imho


Than the seq#-ordering should be looked at







PCNSE NSE StrongSwan
Top Kudoed Authors