cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Firewall rule misfiring

Jump to solution

Hi,

After enable raw packets for 1 rule and then did the roll out as usual, after that all the fortigate Firewall events are fire under the Rule "FortiGate_UTM Traffic Event". Now all the firewall traffic is shown as "FortiGate_UTM Traffic Event".

Please let us know any 1 fix the issue before or suggest us to fix the same.


We did the below steps with the help  of McAfee support engineer, but no luck.

1) Disabled the raw packet and roll out the policy.

2) Disabled the "FortiGate_UTM Traffic Event" rule, then all the events are being listed as "unknown events"

3) We did a Manual rule update.

4) Logged in to the receiver, and deleted the rule file for the Fortigate.

5) Pushed the policy, the issue persisted.

6) Took the sample rule uploaded that in the lab device in 9.5.0 and the rule is correctly listed.

7) Disabled the copy packet option at the global and device level, no effect.

😎 Disabled all the fortigate data sources, rolled out policies.

1 Solution

Accepted Solutions

Re: Firewall rule misfiring

Jump to solution

Select --> datasource -->policy editor --> Operation--> order ASP rules

found the "Fortigate_UTM User Authentication Event" from the order list. Once removed the same its start parsing as we expected.

Regards,

MariaJohn

View solution in original post

1 Reply

Re: Firewall rule misfiring

Jump to solution

Select --> datasource -->policy editor --> Operation--> order ASP rules

found the "Fortigate_UTM User Authentication Event" from the order list. Once removed the same its start parsing as we expected.

Regards,

MariaJohn

View solution in original post

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community