FortiGate Debug

AXISHK
I find that a ping can't be passed through from one zone to another. I turned on the FortiGate debug and it reports the following:

2017-12-29 18:30:34 id=20085 trace_id=9 func=init_ip_session_common line=5519 msg="allocate a new session-00025aa1"
2017-12-29 18:30:34 id=20085 trace_id=9 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-192.168.2.25 via lan"
2017-12-29 18:30:34 id=20085 trace_id=9 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"

"Denied by forward policy check (policy 0)" - How can I check which policy 0 in FortiGate it is referring to?


Thx
Hi,
Did you upgrade firmware lately? Does TCP work? Is it only ICMP not passing through?

If so, then you should check the following command:
show firewall service custom ALL

If it does not output "IP" you may have encountered a Fortinet bug, which luckily is very easy to fix:

The fix is to navigate to Policy & Objects > Objects > Services > ALL and change Protocol Number to 0 (zero)

Here is a very helpful link:
https://forum.fortinet.com/tm.aspx?m=119542

hope this helps
max
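As an added illustration (not part of either post), the following Python parses `diagnose debug flow` output in the format quoted in the question, groups it per trace_id, and flags a "policy 0" denial separately from a denial by a numbered rule. The sample lines are constructed: trace 9 repeats the three lines from the question, trace 10 is a made-up allowed flow so both verdicts are exercised.

```python
import re
from collections import OrderedDict

# Constructed sample of `diagnose debug flow` output: trace 9 repeats the three lines
# from the question; trace 10 is a made-up allowed flow so both verdicts are exercised.
SAMPLE = """\
2017-12-29 18:30:34 id=20085 trace_id=9 func=init_ip_session_common line=5519 msg="allocate a new session-00025aa1"
2017-12-29 18:30:34 id=20085 trace_id=9 func=vf_ip_route_input_common line=2583 msg="find a route: flag=04000000 gw-192.168.2.25 via lan"
2017-12-29 18:30:34 id=20085 trace_id=9 func=fw_forward_handler line=586 msg="Denied by forward policy check (policy 0)"
2017-12-29 18:31:02 id=20085 trace_id=10 func=init_ip_session_common line=5519 msg="allocate a new session-00025ab0"
2017-12-29 18:31:02 id=20085 trace_id=10 func=fw_forward_handler line=586 msg="Allowed by Policy-7:"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+ \S+) id=(?P<id>\d+) trace_id=(?P<trace>\d+) '
    r'func=(?P<func>\S+) line=(?P<line>\d+) msg="(?P<msg>.*)"$')
ROUTE_RE = re.compile(r'find a route: flag=(?P<flag>\w+) gw-(?P<gw>\S+) via (?P<iface>\S+)')
DENY_RE = re.compile(r'Denied by forward policy check \(policy (?P<policy>\d+)\)')
ALLOW_RE = re.compile(r'Allowed by Policy-(?P<policy>\d+)')

def parse_flow(text):
    """Parse each debug-flow line into a dict; lines that do not match are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            d = m.groupdict()
            d["trace"] = int(d["trace"])
            entries.append(d)
    return entries

def summarize(entries):
    """Group entries by trace_id; record the route and the policy verdict per flow."""
    flows = OrderedDict()
    for e in entries:
        f = flows.setdefault(e["trace"], {"route": None, "verdict": None,
                                          "policy": None, "implicit_deny": False})
        r, d, a = ROUTE_RE.search(e["msg"]), DENY_RE.search(e["msg"]), ALLOW_RE.search(e["msg"])
        if r:
            f["route"] = (r["gw"], r["iface"])
        elif d:
            f["verdict"], f["policy"] = "denied", int(d["policy"])
            # Policy 0 is not a configured rule: it is the implicit deny that fires when
            # no policy matched, so check what the policies (and their services) cover.
            f["implicit_deny"] = f["policy"] == 0
        elif a:
            f["verdict"], f["policy"] = "allowed", int(a["policy"])
    return flows
```

Calling `summarize(parse_flow(SAMPLE))` on real output pasted from the CLI tells you at a glance whether the drop came from a numbered rule or from the implicit deny, which is what the "policy 0" in the question indicates.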
