PCNSE
NSE
StrongSwan
iprope_in_check() check failed, dropI' ll leave you with this; http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD31702&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=49035521&stateId=0%200%2049033657 I' ll bet you have a fwpolicy problem or interface allowances. fwiw: " Deny forward " are almost always fwpolicy or lack of policy, that' s not the case here but..... You need to go back and review your fwpolicies for the src/dst ip_addresses in question and any thing tied to it. If the src/dst are you interfaces ip_address, check your ip allowaccess configs for those interfaces.If not, proceed on, and match the traffic to the fwpolicy of the unit. Remember traffic hitting a interface ip_address is not controlled by fwpolicies but traffic that transverses interface(s) , must have a fwpolicy. Qs that might lead to the correction; This looks like icmp is that correct? are any of those address on a VIP ? on a firewall vlan? or if not, do you have nat enable and maybe you don' t need it enabled? It' s really that simple
PCNSE
NSE
StrongSwan
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.