Foritgate FW version : 7.4.4
I have created two proxy policy with different schedule, office hour and non office hour.
and i notice that the traffic is matched with non office hour schedule and policy when I access internet in office hour.
anyone have experience this issue ?
Observed Update on 8/July/2024:
Traffic between 4PM to 3 AM will go to office hour policy with schedule 8AM-7PM
Traffic between 3AM to 4 PM will go to non office hour policy with schedule 7PM-8AM
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
sry are you replied a wrong post...
Hi @itmdadmin,
I can't reproduce this issue in my lab. Please check FortiGate timezone and make sure it is correct. You can also collect debug flow to see if it really matches that policy. https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...
Regards,
Created on 07-07-2024 11:23 PM Edited on 07-07-2024 11:24 PM
Hello,
Can you verify source and destination in policy look up and Check to see there are no other firewall rules that supersede this rule. Remember that firewall rules are processed from top-to-bottom.
there is no other policy that will supersede those two rules
what I see is that your one schedule's ending time is exactly the start time of the other and vice versa.
Probably this might result in sessions being created with wrong policy because both are active for that minute and then the first will match?
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
we had try setting the start time and end time with 1 min different but still the same result.
Hi,
- Do you see the issue all the time or only for a specific period of time every day?
- Is the "fast-policy-match" configuration enabled in the Firewall?
Regards,
Shiva
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.