Firewall rules do not work properly with Flow-based mode with Policy-based.
I have two 600D in an Active - Passive cluster with 5 vdoms with FortiOS 5.6.0.
I have configured them in Flow-based mode with Policy-based NGFW.
When I create a deny rule that blocks RemoteAccess and a allow rule with TeamViewer, TCP traffic stops running as it should.
ICMP and UDP works.
If I move down the allow rule then the TCP traffic works.