After enable raw packets for 1 rule and then did the roll out as usual, after that all the fortigate Firewall events are fire under the Rule "FortiGate_UTM Traffic Event". Now all the firewall traffic is shown as "FortiGate_UTM Traffic Event".
Please let us know any 1 fix the issue before or suggest us to fix the same.
We did the below steps with the help of McAfee support engineer, but no luck.
1) Disabled the raw packet and roll out the policy.
2) Disabled the "FortiGate_UTM Traffic Event" rule, then all the events are being listed as "unknown events"
3) We did a Manual rule update.
4) Logged in to the receiver, and deleted the rule file for the Fortigate.
5) Pushed the policy, the issue persisted.
6) Took the sample rule uploaded that in the lab device in 9.5.0 and the rule is correctly listed.
7) Disabled the copy packet option at the global and device level, no effect.
😎 Disabled all the fortigate data sources, rolled out policies.
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.