Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
itmdadmin
New Contributor II

Created on ‎07-03-2024 09:26 PM Edited on ‎07-08-2024 12:53 AM

Traffic match with wrong Schedule

Foritgate FW version : 7.4.4

I have created two proxy policy with different schedule, office hour and non office hour.

and i notice that the traffic is matched with non office hour schedule and policy when I access internet in office hour. 

anyone have experience this issue ? 

 

Observed Update on 8/July/2024:

Traffic between 4PM to 3 AM will go to office hour policy with schedule 8AM-7PM

Traffic between 3AM to 4 PM will go to non office hour policy  with schedule 7PM-8AM  

 

 

Office_Hour.pngNon_office_hour.pngTraffic_log.png

 

 

Labels:
849
0 Kudos
15 REPLIES 15
itmdadmin
New Contributor II
In response to smaruvala

Created on ‎07-08-2024 06:47 PM

It happen all the time.

The "fast-policy-match" is not configurated, is it default enable ? shall i disable it ?

262
0 Kudos
smaruvala
Staff
Staff
In response to itmdadmin

Created on ‎07-08-2024 11:52 PM

Hi,

 

- When was the Policy created? I can see the issue started from 8th of June. Was the Policy created on 7th of June?

- In the screenshot we can see the schedule status is showing as inactive. But if you edit the policy and go into the policy then check the status of schedule, does it show inactive or active?

- I think I am able to reproduce the issue in the lab. I did not face the issue yesterday. But today I am seeing the issue. So I am assuming it was matching office-hours proxy policy first. Then during non-office hours it was matching the non-office policy and it has not changed back to office hours policy.

- I would suggest you to open a support case. Replication should be possible in version 7.4.4 but I think we need to give one day time. If you have already opened the case let me know the case number.

 

Regards,

Shiva

248
smaruvala
Staff
Staff
In response to smaruvala

Created on ‎07-09-2024 01:06 AM

Hi,

 

I can see couple of open bugs reported internally in 7.4.4 which looks same. I am assuming the wad process is not getting the correct time so it is matching the incorrect policy.

 

Regards,

Shiva

234
itmdadmin
New Contributor II
In response to smaruvala

Created on ‎07-09-2024 02:23 AM

- The original policy was created year ago, the test policy was created on 3 July.

- The schedule time is show as active for both office and non office hour in the edit mode

- Yes i have created a support case already and one of your engineer have remoted to check it - Ticket No. 9677466

  

214
0 Kudos
ede_pfau
SuperUser
SuperUser

Created on ‎07-09-2024 01:22 AM Edited on ‎07-09-2024 02:10 AM

I think it is related to session lifetime. When the correct schedule is matched, a session is allowed to be established. Then the schedule expires, but the session is not re-evaluated ('dirty').

Isn't there an option to force that lookup?

 

There is an option which governs the behavior of active sessions vs. schedule expiration:

config firewall policy

edit <nn>

set schedule-timeout enable

 

If enabled, sessions will be terminated on schedule expiry. If disabled, active sessions are allowed to continue while new sessions will be prevented. Disabled is the default.

I'd give it a try.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
229
itmdadmin
New Contributor II

Created on ‎07-09-2024 02:47 AM

After some test, its seems that the scheduler is using the GMT+0 as the measure time instead of my local time GMT+8

206
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.