Help ret-no-match, act-drop
Hello guys, I receive this error when I ping via CLI from a FortiGate 40F to 8.8.8.8.
In particular, I enter these commands on the CLI:
- execute ping-option source 10.2.62.97 (IP address for internal LAN)
- execute ping 8.8.8.8
Afterwards I receive the issue posted below:
16:27:28 178 vd-INTERNET:0 received a packet(proto=1, 10.2.62.97:23->8.8.8.8:2048) tun_id=0.0.0.0 from local. type=8, code=0, id=23, seq=0.
16:27:28 178 allocate a new session-0003f14f, tun_id=0.0.0.0
16:27:28 178 in-[], out-[a]
16:27:28 178 len=0
16:27:28 178 result: skb_flags-00000000, vid-0, ret-no-match, act-accept, flag-00000000
16:27:28 178 gnum-100004, check-ffffffbffc041c80
16:27:28 178 checked gnum-100004 policy-1, ret-no-match, act-drop
16:27:28 178 checked gnum-100004 policy-1, ret-no-match, act-drop
16:27:28 178 checked gnum-100004 policy-2, ret-no-match, act-drop
16:27:28 178 checked gnum-100004 policy-2, ret-no-match, act-drop
I understand that it seems there is no match in policy, but why, if I have a policy that permits all traffic to the internet?
In the debug it seems that the traffic does not recognise the inbound interface: in-[], out-[a]?
Has someone already seen this strange behavior?
Thank you
Hi @max71
Thank you for posting your query.
Ping topology:-
Lan_subnet--------(LAN)(10.2.62.97)[FGT](WAN)------------8.8.8.8
This is an expected behavior for the locally generated traffic using the ping option from the LAN interface.
Please refer to the below KB for your reference:-
Regards
Priyanka
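As an added example (not part of the thread and not Fortinet code), this Python script parses the debug flow output quoted in the question and pulls out the fields the thread turns on: the "from local" origin marker, the empty inbound interface and the per-policy results. The function names are hypothetical, and the regular expressions assume only the line layout visible in the quoted trace.

```python
import re

# The trace quoted in the question, one entry per line.
TRACE = """\
16:27:28 178 vd-INTERNET:0 received a packet(proto=1, 10.2.62.97:23->8.8.8.8:2048) tun_id=0.0.0.0 from local. type=8, code=0, id=23, seq=0.
16:27:28 178 allocate a new session-0003f14f, tun_id=0.0.0.0
16:27:28 178 in-[], out-[a]
16:27:28 178 len=0
16:27:28 178 result: skb_flags-00000000, vid-0, ret-no-match, act-accept, flag-00000000
16:27:28 178 gnum-100004, check-ffffffbffc041c80
16:27:28 178 checked gnum-100004 policy-1, ret-no-match, act-drop
16:27:28 178 checked gnum-100004 policy-1, ret-no-match, act-drop
16:27:28 178 checked gnum-100004 policy-2, ret-no-match, act-drop
16:27:28 178 checked gnum-100004 policy-2, ret-no-match, act-drop
"""

PACKET = re.compile(r"received a packet\(proto=(\d+), (\S+?):\d+->(\S+?):\d+\).*? from (\S+?)\.")
IFACES = re.compile(r"in-\[(.*?)\], out-\[(.*?)\]")
CHECK = re.compile(r"checked gnum-(\w+) policy-(\d+), ret-([\w-]+), act-(\w+)")

def summarize(trace):
    """Collect origin, interfaces and de-duplicated policy checks from a trace."""
    s = {"local_origin": False, "in_if": None, "out_if": None, "checks": []}
    for line in trace.splitlines():
        if m := PACKET.search(line):
            s["proto"], s["src"], s["dst"] = int(m[1]), m[2], m[3]
            s["local_origin"] = m[4] == "local"   # "from local." in the trace
        elif m := IFACES.search(line):
            s["in_if"], s["out_if"] = m[1], m[2]  # "" when the trace shows in-[]
        elif m := CHECK.search(line):
            check = (m[1], int(m[2]), m[3], m[4])  # (gnum, policy id, ret, act)
            if check not in s["checks"]:           # the trace repeats each check
                s["checks"].append(check)
    return s

def explain(s):
    """One-line triage verdict for a summarized trace."""
    if s["local_origin"] and s["in_if"] == "":
        # The case the accepted answer describes as expected behavior.
        return "locally generated packet: no inbound interface in the trace"
    if s["checks"] and all(c[2] == "no-match" for c in s["checks"]):
        return "forwarded packet matched none of the checked policies"
    return "no policy-lookup anomaly found in this trace"

if __name__ == "__main__":
    print(explain(summarize(TRACE)))
```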
