First check if and how traffic enters the device. Use the filter option.
Using the FortiOSĀ packet sniffer
Assgined Internet Protocol numbers
Then check the flow through the firewall and find out the policy id
Find the system session and PolicyID
session info: proto=1 proto_state=00 duration=96 <snip> misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=0 <snip> total session 2
Then useĀ show firewall policy <id> to list the policy used for the traffic:
FGT60ELexThuis # show firewall policy 3 config firewall policy edit 3 set name "Lex" set uuid d42a3556-cb66-51e7-e20b-6be8577def0b set srcintf "internal" set dstintf "wan1" set srcaddr "Lex zolder" "Laptop Lex" "PC Huiskamer" set dstaddr "all" set action accept set schedule "always" set service "ALL" set utm-status enable set logtraffic all set av-profile "Quick block" set ips-sensor "protect_client" set application-list "block-botnet-monitor" set profile-protocol-options "custom-default" set ssl-ssh-profile "certificate-inspection" set nat enable next end
Hits: 75