<div>
<div class="content wysiwyg-content">
I find that a ping can't be passed through from one zone to another. Turn on the Fortigate debug and report the followings:<br />
<br />
2017-12-29 18:30:34 id=20085 trace_id=9 func=init_ip_session_commo<wbr />n line=5519 msg=&quot;allocate a new session-00025aa1&quot;<br />
2017-12-29 18:30:34 id=20085 trace_id=9 func=vf_ip_route_input_com<wbr />mon line=2583 msg=&quot;find a route: flag=04000000 gw-192.168.2.25 via lan&quot;<br />
2017-12-29 18:30:34 id=20085 trace_id=9 func=fw_forward_handler line=586 msg=&quot;Denied by forward policy check (policy 0)&quot;<br />
<br />
&quot;Denied by forward policy check (policy 0)&quot; - Do can I check which policy 0 in Forgiate it is referring to ?<br />
<br />
<br />
Thx
</div>
</div>


I find that a ping can't be passed through from one zone to another. Turn on the Fortigate debug and report the followings:

2017-12-29 18:30:34 id=20085 trace_id=9 func=init_ip_session_common line=5519 msg="allocate a new session-00025aa1"
2017-12-29 18:30:34 id=20085 trace_id=9 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-192.168.2.25 via lan"
2017-12-29 18:30:34 id=20085 trace_id=9 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"

"Denied by forward policy check (policy 0)" - Do can I check which policy 0 in Forgiate it is referring to ?


Thx

Fortigate Debug

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.