Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
therculano
New Contributor III

Rule blocking an authorized address

Hello! 

Can you explain why a deny happened on this log? The address is released in the rule, but it was blocked anyway, just a single time.

date=2025-08-28 time=10:08:20 id=7543622580939259925 itime=2025-08-28 10:08:21 euid=3 epid=6003 dsteuid=3 dstepid=101 logflag=3 logver=704082795 sfsid=0 type=traffic subtype=forward level=notice action=deny policyid=52 sessionid=147382898 srcip=172.30.171.217 dstip=138.59.163.69 srcport=42401 dstport=443 trandisp=noop duration=44 proto=6 sentbyte=180 rcvdbyte=0 sentpkt=3 rcvdpkt=0 logid=0000000013 service=HTTPS app=HTTPS appcat=unscanned srcintfrole=lan dstintfrole=wan srcserver=0 policytype=policy eventtime=1756386501043559039 crscore=30 craction=131072 crlevel=high srcuuid=498de162-e8a6-51ef-6775-922ed917fc34 dstuuid=5d5a000e-f37d-51ef-1ff6-866a1aaf3cde poluuid=f050e110-e89d-51ef-5c4c-a43178bb4c78 srcmac=56:84:20:f4:60:02 mastersrcmac=56:84:20:f4:60:02 srccountry=Reserved dstcountry=Brazil srcintf=lan dstintf=wan2 policyname=Boleto_digital threatwgts=30 threatcnts=1 threatlvls=3 threats=blocked-connection threattyps=blocked-connection tz=-0300 vd=root csf=UNF_SEC_FABRIC dtime=2025-08-28 10:08:20 itime_t=1756386501 devname=FGT100F_ALF srcuuid_name=SAP Server dstuuid_name=Boleto Digital - Itau

Thiago Herculano
sokatvo2
New Contributor

It appears you have most things covered. One additional thing that might be a good idea is to create an app-filter for high risk score apps and app categories and use the filter for an app block rule. Using an app filter can be useful, because it scales automatically as new app-ids are created, if they fall into the right criteria, they'll automatically get added to that app filter.

https://9apps.ooo/
AEK
SuperUser

Are you using security profiles in the related rule? Did you check the related UTM logs?

AEK
therculano
New Contributor III

Yes, I do, but my security profile is just monitoring it. I'm using web filter just to see the URLs that are being accessed and couldn't find the web filter log for this deny event, so probably it was blocked before the rating. 

Thiago Herculano
AEK

Try debugging the flow to see what is blocking the traffic.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Debug-flow-tool/ta-p/213238

AEK
therculano
New Contributor III

Sorry for the delayed answer. I debugged the flow and I found a few sessions falling into an SDWAN general route instead of the policy route. So the traffic was denied due to the wrong outgoing interface. It was a strange behavior, the policy route rule was correct, so I created an SDWAN rule to ensure traffic always goes to the correct interface. It's working fine now, but I couldn't figure out why it went to the SDWAN rule.

Thiago Herculano
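
The finding in this thread (a few sessions denied because they left through a different interface than the policy's normal traffic) can be looked for in exported traffic logs. The following is an added example, not part of any post above: the sample lines, policy id and the interface names `isp_a`/`isp_b` are constructed, and treating every non-deny action as allowed traffic is an assumption.

```python
import re
from collections import defaultdict

# A key is word characters followed by '='. A value runs until the next
# " key=" or the end of the line, so unquoted values that contain spaces
# (srcuuid_name=SAP Server in the log above) stay in one piece.
# Limitation: a value that itself contains " word=" would be split.
FIELD = re.compile(r'(\w+)=(.*?)(?=\s+\w+=|$)')

def parse(line):
    """Return the key=value fields of one traffic log line as a dict."""
    return {k: v.strip('"') for k, v in FIELD.findall(line.strip())}

def odd_interface_denies(lines):
    """Denies whose dstintf never carries allowed traffic for the same policy."""
    records = [parse(l) for l in lines if l.strip()]
    allowed = defaultdict(set)          # policyid -> interfaces with allowed sessions
    for r in records:
        if r.get("action") != "deny":   # assumption: any non-deny action is allowed traffic
            allowed[r.get("policyid")].add(r.get("dstintf"))
    return [r for r in records
            if r.get("action") == "deny"
            and allowed[r.get("policyid")]                      # policy has a baseline
            and r.get("dstintf") not in allowed[r.get("policyid")]]

# Constructed sample lines (not taken from the thread).
SAMPLE = """\
date=2025-01-01 time=09:00:01 action=accept policyid=7 sessionid=1001 srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 srcintf=lan dstintf=isp_a srcuuid_name=App Server
date=2025-01-01 time=09:00:09 action=close policyid=7 sessionid=1002 srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 srcintf=lan dstintf=isp_a srcuuid_name=App Server
date=2025-01-01 time=09:01:30 action=deny policyid=7 sessionid=1003 srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 srcintf=lan dstintf=isp_b srcuuid_name=App Server
date=2025-01-01 time=09:02:00 action=deny policyid=7 sessionid=1004 srcip=10.0.0.5 dstip=203.0.113.10 dstport=443 srcintf=lan dstintf=isp_a srcuuid_name=App Server
"""

if __name__ == "__main__":
    for r in odd_interface_denies(SAMPLE.splitlines()):
        print(r["date"], r["time"], "policy", r["policyid"],
              "session", r["sessionid"], "denied via", r["dstintf"])
```

Sessions it reports are candidates for a flow debug, since the log line alone does not say which route was selected.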