Deny: policy violation... sometimes...

Author
rkacz1
New Member
  • Total Posts : 2
  • Scores: 0
  • Reward points: 0
  • Joined: 2020/06/30 17:12:42
  • Status: offline
2020/06/30 17:22:18 (permalink) 6.2
0

Deny: policy violation... sometimes...

Running Fortigate on 6.2.3 and I have a policy set to basically allow all traffic and *sometimes* I get Deny: Policy Violation in the logs referencing this policy.  What could be causing the deny?  It does not happen all the time, just sometimes.  Traffic is hitting the policy correctly.
 
config firewall security-policy   
edit 35       
set uuid <redacted>        
set name "Outbound Allow Everything Else"       
set srcintf "Trust"       
set dstintf "virtual-wan-link"       
set srcaddr4 "all"       
set dstaddr4 "all"       
set enforce-default-app-port disable       
set service "ALL"       
set action accept       
set schedule "always"       
set logtraffic all   
next
end
#1

2 Replies Related Threads

    emnoc
    Expert Member
    • Total Posts : 5732
    • Scores: 371
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: Deny: policy violation... sometimes... 2020/07/02 20:34:51 (permalink)
    0
    Where are you seeing the deny ? if it's denied it did not 1> match that policy 2> match a "deny" policy or 3> the implicit "deny" or 4> the protocol was scrub and found in violation.
     
     
    Paste logs that you are viewing that shows the deny.
     
     
    Ken Felix
     
     
     

    PCNSE 
    NSE 
    StrongSwan  
    #2
    rkacz1
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2020/06/30 17:12:42
    • Status: offline
    Re: Deny: policy violation... sometimes... 2020/07/04 06:35:47 (permalink)
    0
    The deny message was first spotted in the forward traffic log and the entry referenced deny because of that specific policy (35).  However, I have since updated to 6.2.4 and those deny hits seems to have gone away.
    #3
    Jump to:
    © 2020 APG vNext Commercial Version 5.5