Sometimes you need to know which firewall policy will allow a given flow, and whether that policy is actually being used at all. I had already posted a Fortigate – Policy lookup note a while ago. The lookup command takes the 5-tuple plus the ingress interface and returns the ID of the first policy that matches:
diagnose firewall iprope lookup <src_ip> <src_port> <dst_ip> <dst_port> <protocol> <device>
<src_ip> Source IP address.
<src_port> Source port.
<dst_ip> Destination IP address.
<dst_port> Destination port.
<protocol> IP protocol number (6 = TCP, 17 = UDP, 1 = ICMP).
<device> Source (ingress) interface the packet arrives on.
Example: TCP (protocol 6) from 192.255.185.30 port 222 to 192.127.155.237 port 5432, arriving on aggr1.vlan0285. The first form is the bare 5-tuple, the second adds the source interface, which is what you normally want because policy matching depends on it:

diagnose firewall iprope lookup 192.255.185.30 222 192.127.155.237 5432 6
diagnose firewall iprope lookup 192.255.185.30 222 192.127.155.237 5432 6 aggr1.vlan0285
matches policy id: 29143

The lookup only tells you which policy this flow would hit. It says nothing about whether that policy sees any real traffic; for that, query the policy's counters in the IPv4 forward policy table (00100004):
diagnose firewall iprope show 00100004 <POLICY-ID>

# diagnose firewall iprope show 00100004 29143
idx=29143 pkts/bytes=630/36853 asic_pkts/asic_bytes=315/18557 nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:266
first:2024-04-16 06:02:27 last:2024-05-31 12:13:46
established session count:0
first est:2024-05-23 07:11:47 last est:2024-05-27 13:05:14

Reading the output: idx is the policy ID; pkts/bytes is the total traffic that matched the policy, of which asic_pkts/asic_bytes was offloaded to the NP ASIC and nturbo_pkts/nturbo_bytes to nTurbo; hit count is how many times the policy was matched; first/last are the timestamps of the first and most recent match; established session count is the number of sessions currently open on the policy, with first est/last est the timestamps of the first and most recent established session. A policy whose last hit is months old, or which has no first/last line at all, is a candidate for cleanup. Note that the counters survive only until they are reset (diagnose firewall iprope clear 100004 <POLICY-ID>) or the unit reboots, so a recent reboot makes a policy look unused even when it is not.
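The two commands above are easy to run by hand for one policy, but for a cleanup pass over hundreds of policies you want to parse the output. The following is an added example (not code from the original post or from Fortinet): it builds the lookup command line, extracts the matched policy ID from the lookup output, parses the show output into a dict, and flags policies whose last hit is older than a threshold or that never matched at all. The sample strings are the post's own output, embedded so it runs offline; the never-matched sample (idx=7, no first/last line) is a constructed assumption about what an unused policy prints, and the function names are mine.

```python
import re
from datetime import datetime, timedelta

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
TS_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: the lookup and show output from the post, embedded so this runs offline.
LOOKUP_OUT = "matches policy id: 29143\n"
SHOW_OUT = (
    "idx=29143 pkts/bytes=630/36853 asic_pkts/asic_bytes=315/18557 "
    "nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:266\n"
    "first:2024-04-16 06:02:27 last:2024-05-31 12:13:46\n"
    "established session count:0\n"
    "first est:2024-05-23 07:11:47 last est:2024-05-27 13:05:14\n"
)
# Constructed, assumed format: a policy that has never matched carries no first/last line.
SHOW_OUT_UNUSED = (
    "idx=7 pkts/bytes=0/0 asic_pkts/asic_bytes=0/0 "
    "nturbo_pkts/nturbo_bytes=0/0 flag=0x0 hit count:0\n"
    "established session count:0\n"
)


def lookup_cmd(src_ip, src_port, dst_ip, dst_port, proto, src_intf):
    """CLI line for a 5-tuple plus ingress interface (proto: 6 = TCP, 17 = UDP, 1 = ICMP)."""
    return (f"diagnose firewall iprope lookup {src_ip} {src_port} "
            f"{dst_ip} {dst_port} {proto} {src_intf}")


def parse_lookup(text):
    """Policy id from 'iprope lookup' output, or None when no policy matched (implicit deny)."""
    m = re.search(r"matches policy id:\s*(\d+)", text)
    return int(m.group(1)) if m else None


def _ts(text, pattern):
    """Timestamp captured by pattern (multiline), or None if the field is absent."""
    m = re.search(pattern, text, re.M)
    return datetime.strptime(m.group(1), TS_FMT) if m else None


def parse_show(text):
    """Counters from 'diagnose firewall iprope show 00100004 <id>' as a dict."""
    m = re.search(r"idx=(\d+)", text)
    if not m:
        raise ValueError("no idx= field: not iprope show output")
    rec = {"id": int(m.group(1))}
    for pair in ("pkts/bytes", "asic_pkts/asic_bytes", "nturbo_pkts/nturbo_bytes"):
        m = re.search(re.escape(pair) + r"=(\d+)/(\d+)", text)
        a, b = pair.split("/")
        rec[a], rec[b] = (int(m.group(1)), int(m.group(2))) if m else (0, 0)
    m = re.search(r"hit count:\s*(\d+)", text)
    rec["hit_count"] = int(m.group(1)) if m else 0
    m = re.search(r"established session count:\s*(\d+)", text)
    rec["established_sessions"] = int(m.group(1)) if m else 0
    # 'first:' / 'last:' are the policy hits; 'first est:' / 'last est:' the established sessions.
    rec["first_hit"] = _ts(text, r"^first:" + TS)
    rec["last_hit"] = _ts(text, r"\blast:" + TS)
    rec["first_est"] = _ts(text, r"^first est:" + TS)
    rec["last_est"] = _ts(text, r"\blast est:" + TS)
    # Share of packets the NP offloaded; the remainder went through the CPU.
    rec["asic_share"] = rec["asic_pkts"] / rec["pkts"] if rec["pkts"] else 0.0
    return rec


def stale_policies(records, now, max_idle_days):
    """Ids whose last hit is older than max_idle_days, or which never matched at all.

    'now' may be a datetime or a 'YYYY-MM-DD HH:MM:SS' string, so the caller can pass
    the firewall's own clock rather than the workstation's.
    """
    if isinstance(now, str):
        now = datetime.strptime(now, TS_FMT)
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(r["id"] for r in records
                  if r["last_hit"] is None or r["last_hit"] < cutoff)


if __name__ == "__main__":
    print(lookup_cmd("192.255.185.30", 222, "192.127.155.237", 5432, 6, "aggr1.vlan0285"))
    print("matched policy:", parse_lookup(LOOKUP_OUT))
    recs = [parse_show(SHOW_OUT), parse_show(SHOW_OUT_UNUSED)]
    print("idle > 30 days as of 2024-07-15:", stale_policies(recs, "2024-07-15 00:00:00", 30))
```

Feed it the output of one show command per policy ID (collected over SSH or from a saved session log) and compare against the firewall's clock, not the workstation's; and remember that a counter reset or reboot zeroes the fields, so a policy only looks unused relative to that point in time.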
