I am doing some labs using a FortiGate 201E.
While troubleshooting, I found out that there were many logs in policy 0, deny any any (the bottom line of the policy).
The details showed "Threat 131072, threat score 30". The protocols concerned were HTTPS and Ping.
In order to get more details, I inserted "permit any any" as the 1st line, so all traffic should match this line, I am sure.
But strangely, there were still some logs in policy 0 saying threat.
I am very confused by this behavior because, as far as I understand, all traffic should pass over the first line of the policy without going down to the last line, policy 0.
Does anyone know the root cause? Your replies are much appreciated.