PCNSE
NSE
StrongSwan
To emnoc: people are not locked to the Cisco approach, they just want to use good inventions if it's possible. Imagine I have a remote site, like a datacenter, and no users can help me generate traffic, but I want to test web filters and app filters under a policy. I have a report that access to box.com and Dropbox is passing through, although I see a web filter block is applied for the file sharing and storage category. How can I test in this situation? Where would I get "active" traffic in a datacenter with no users there?
Man this thread is old ;)
Actually, FortiOS has added a packet-tracer-like function, "diag firewall iprope lookup". It can do protocol and port traffic flows and show you what policy is matched. You do not need active traffic per se.
e.g.

```
# my policyid #10 is at the top of policy stack and is a deny and has quad9 as an address objects in it
/* cli-cmd
ATLDWNPEACHTRFGT1500CORE1 # diag firewall iprope lookup 192.168.19.11 1111 9.9.9.9 80 6 internal
<src [192.168.19.11-1111] dst [9.9.9.9-80] proto 6 dev internal> matches policy id: 10
```

Ken Felix
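Added example (not part of the original post and not Fortinet tooling): a small Python check that builds `diag firewall iprope lookup` commands for a list of flows and compares the matched policy ID in pasted CLI output against what you expect. It assumes the argument order and result-line format shown in the post above; the `FGT` prompt, the second flow, and policy id 12 are constructed sample data.

```python
import re

# Result line format as it appears in the post:
# <src [192.168.19.11-1111] dst [9.9.9.9-80] proto 6 dev internal> matches policy id: 10
RESULT_RE = re.compile(
    r"<src \[(?P<src>[\d.]+)-(?P<sport>\d+)\] dst \[(?P<dst>[\d.]+)-(?P<dport>\d+)\] "
    r"proto (?P<proto>\d+) dev (?P<dev>\S+)> matches policy id: (?P<policy>\d+)"
)

def lookup_cmd(src, sport, dst, dport, proto, dev):
    """Build the CLI command using the argument order shown in the post."""
    return f"diag firewall iprope lookup {src} {sport} {dst} {dport} {proto} {dev}"

def parse_results(text):
    """Map each flow tuple found in the CLI output to the policy id it matched."""
    results = {}
    for m in RESULT_RE.finditer(text):
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]),
                int(m["proto"]), m["dev"])
        results[flow] = int(m["policy"])
    return results

def check(expectations, cli_output):
    """Return (flow, expected, actual) for every flow that did not hit the expected policy.
    actual is None when the flow has no result line in the output at all."""
    actual = parse_results(cli_output)
    return [(flow, want, actual.get(flow))
            for flow, want in expectations.items() if actual.get(flow) != want]

# Constructed expectations: both flows should land on deny policy 10.
EXPECTED = {
    ("192.168.19.11", 1111, "9.9.9.9", 80, 6, "internal"): 10,
    ("192.168.19.11", 1111, "9.9.9.9", 443, 6, "internal"): 10,
}
# Constructed CLI capture (hypothetical prompt "FGT"); the 443 flow matches another policy.
SAMPLE_OUTPUT = """\
FGT # diag firewall iprope lookup 192.168.19.11 1111 9.9.9.9 80 6 internal
<src [192.168.19.11-1111] dst [9.9.9.9-80] proto 6 dev internal> matches policy id: 10
FGT # diag firewall iprope lookup 192.168.19.11 1111 9.9.9.9 443 6 internal
<src [192.168.19.11-1111] dst [9.9.9.9-443] proto 6 dev internal> matches policy id: 12
"""

if __name__ == "__main__":
    for flow in EXPECTED:
        print(lookup_cmd(*flow))          # commands to paste into the CLI
    for flow, want, got in check(EXPECTED, SAMPLE_OUTPUT):
        print(f"MISMATCH {flow}: expected policy {want}, got {got}")
```

Run the printed commands on the firewall, paste the session output in place of `SAMPLE_OUTPUT`, and any flow that lands on an unexpected policy is listed as a mismatch.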
Copyright 2024 Fortinet, Inc. All Rights Reserved.