Hello team,
I have a question about policy match.
I have sniffed packets from fortigate CLI and the result is:
6.891062 port3 in 195.xx.xxx.xx -> 172.xx.xx.xxx: icmp: echo request
7.892226 port3 in 195.xx.xxx.xx -> 172.xx.xx.xxx: icmp: echo request
8.892875 port3 in 195.xx.xxx.xx -> 172.xx.xx.xxx: icmp: echo request
So I created a firewall policy having as source port3 and source IP address 195.xx.xxx.xx and as destination 172.xx.xx.xxx with service ICMP_ALL. But the policy does not match.
Any suggestion?
Thanks for the support
Created on 10-25-2023 08:55 AM Edited on 10-25-2023 08:56 AM
For a policy route to work, there needs to be a proper route existing toward the same outgoing interface in the routing table.
For example, if two 0/0 routes to wan1 and wan2 exist, you can set two policy routes for one group of IPs to use wan1 for like 8.8.8.8/8.8.4.4 and another group of IPs to use wan2 for the same DNS servers.
But if there is only one 0/0 route to wan1, and no route toward wan2, the second group won't be able to reach the DNS servers. It wouldn't be able to use wan1 either because the policy route "sticks" and won't let it follow the 0/0 route.
Toshi
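The two-default-route layout Toshi describes, written out as an added FortiOS CLI example that is not part of the original post; the gateway addresses, the 192.0.2.x client groups, and the policy/route IDs are assumed placeholders.

```fortios
# Added example (not from the post): one 0/0 route per WAN interface, so that
# each policy route below has a matching route in the routing table.
# Gateways and client subnets are assumed placeholders.
config router static
    edit 1
        set dst 0.0.0.0 0.0.0.0
        set gateway 203.0.113.1
        set device "wan1"
    next
    edit 2
        set dst 0.0.0.0 0.0.0.0
        set gateway 198.51.100.1
        set device "wan2"
    next
end

# Group A (192.0.2.0/25) reaches the DNS servers via wan1,
# group B (192.0.2.128/25) via wan2. If static route 2 above were missing,
# policy route 2 would still "stick" traffic to wan2 and group B would lose DNS.
config router policy
    edit 1
        set input-device "port3"
        set src "192.0.2.0/255.255.255.128"
        set dst "8.8.8.8/255.255.255.255" "8.8.4.4/255.255.255.255"
        set gateway 203.0.113.1
        set output-device "wan1"
    next
    edit 2
        set input-device "port3"
        set src "192.0.2.128/255.255.255.128"
        set dst "8.8.8.8/255.255.255.255" "8.8.4.4/255.255.255.255"
        set gateway 198.51.100.1
        set output-device "wan2"
    next
end
```

Confirm with `get router info routing-table all` that a route via each output-device is present, and with `diagnose firewall proute list` that both policy routes are active.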