Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
itmdadmin
New Contributor II

Created on ‎07-03-2024 09:26 PM Edited on ‎07-08-2024 12:53 AM

Traffic match with wrong Schedule

Foritgate FW version : 7.4.4

I have created two proxy policy with different schedule, office hour and non office hour.

and i notice that the traffic is matched with non office hour schedule and policy when I access internet in office hour. 

anyone have experience this issue ? 

 

Observed Update on 8/July/2024:

Traffic between 4PM to 3 AM will go to office hour policy with schedule 8AM-7PM

Traffic between 3AM to 4 PM will go to non office hour policy  with schedule 7PM-8AM  

 

 

Office_Hour.pngNon_office_hour.pngTraffic_log.png

 

 

Labels:
2632
0 Kudos
19 REPLIES 19
itmdadmin
New Contributor II
In response to krunesa3

Created on ‎07-03-2024 11:51 PM

sry are you replied a wrong post... 

1440
0 Kudos
hbac
Staff
Staff

Created on ‎07-04-2024 08:48 AM

Hi @itmdadmin,

 

I can't reproduce this issue in my lab. Please check FortiGate timezone and make sure it is correct. You can also collect debug flow to see if it really matches that policy. https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-First-steps-to-troubleshoot-connecti...

 

Regards, 

1408
itmdadmin
New Contributor II
In response to hbac

Created on ‎07-07-2024 11:23 PM Edited on ‎07-07-2024 11:24 PM

  1. Timezone is correct and I have worked with a foritgate engineer to troubleshoot it but still not solved and the case is under researching....
1312
0 Kudos
hbac
Staff
Staff
In response to itmdadmin

Created on ‎07-08-2024 05:58 AM

Hi @itmdadmin,

 

Does it also happen to regular firewall policy or just proxy policy?

 

Regards,

1236
HarshChavda
Staff
Staff

Created on ‎07-05-2024 01:40 PM

Hello,

 

Can you verify source and destination in policy look up and Check to see there are no other firewall rules that supersede this rule.  Remember that firewall rules are processed from top-to-bottom.

1371
itmdadmin
New Contributor II
In response to HarshChavda

Created on ‎07-07-2024 11:30 PM

there is no other policy that will supersede those two rules

1308
0 Kudos
sw2090
SuperUser
SuperUser

Created on ‎07-07-2024 11:51 PM

what I see is that your one schedule's ending time is exactly the start time of the other and vice versa.

Probably this might result in sessions being created with wrong policy because both are active for that minute and then the first will  match?

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
1304
itmdadmin
New Contributor II
In response to sw2090

Created on ‎07-08-2024 12:04 AM

we had try setting the start time and end time with 1 min different but still the same result. 

1296
0 Kudos
smaruvala
Staff
Staff

Created on ‎07-08-2024 04:30 AM

Hi,

 

- Do you see the issue all the time or only for a specific period of time every day?

- Is the "fast-policy-match" configuration enabled in the Firewall? 

 

Regards,

Shiva

1246
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.