FortiGate with interface "any"

Packets are dropped when the interface "any" is used in a firewall policy.

Seen as a bug on FortiGate units running 5.0.x firmware: the policy is accepted by the configuration and looks correct, but traffic that should match it is dropped.


Symptoms

A firewall policy that should allow the traffic uses "any" as its source and/or destination interface.

The packet is visible on the inbound interface but never appears on the outbound interface (diagnose sniffer packet).

The flow trace shows the packet being "Denied by forward policy check" (diagnose debug flow), even though a matching accept policy exists.
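The CLI session below is an added example of how to confirm the two symptoms on the unit; it is not part of the original note. The client address 10.0.1.50, the server 192.0.2.10 on TCP/443 and the interface names are assumptions chosen for illustration.

```fortios
# Constructed example (not from the original note): confirm the symptom for a
# hypothetical flow 10.0.1.50 -> 192.0.2.10 on TCP/443.

# 1. Sniff on all interfaces. Verbosity 4 prints the interface name and
#    direction for every packet; count 10 stops after ten packets.
diagnose sniffer packet any 'host 10.0.1.50 and port 443' 4 10
# With the bug present the SYNs show up only as "<ingress-interface> in";
# no "<egress-interface> out" line ever appears for the same flow.

# 2. Trace the forwarding decision for the same flow.
diagnose debug flow filter addr 10.0.1.50
diagnose debug flow filter port 443
diagnose debug flow show console enable
diagnose debug flow trace start 20
diagnose debug enable
# The drop is identified by a trace line containing
#   msg="Denied by forward policy check"
# If the line names a policy id, compare it with the "any" policy.

# 3. Stop the trace and clear the filter so it does not keep logging.
diagnose debug flow trace stop
diagnose debug flow filter clear
diagnose debug disable
```

Run the sniffer and the flow trace against the same client while it retries the connection; seeing the packet enter on one interface, no matching packet leave on any interface, and the "Denied by forward policy check" message together is what distinguishes this bug from an ordinary missing or mis-ordered policy.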



Solution

Do not use the interface "any" in policy rules on affected units. Rewrite those rules with explicit interfaces, or group the interfaces into a zone and reference the zone in the policy instead.
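The configuration below is an added example of the rewrite, not configuration taken from the original note. The policy id 10, the zone names LAN and WAN, and the interface names port1, port2, wan1 and wan2 are assumptions for illustration; substitute the real ones.

```fortios
# Constructed example (not from the original note). Policy id, zone names and
# interface names are assumptions for illustration.

# Before: policy 10 matches on interface "any" and is the policy that drops
# traffic on an affected 5.0.x unit.
config firewall policy
    edit 10
        set srcintf "any"
        set dstintf "any"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end

# After, step 1: remove the interface references the zones will take over.
# FortiOS refuses to add an interface to a zone while a policy still
# references that interface by name, so the "any" policy is deleted first
# (or edited to a temporary explicit pair) before the zones are created.
config firewall policy
    delete 10
end

# After, step 2: group the real interfaces into zones.
config system zone
    edit "LAN"
        set interface "port1" "port2"
    next
    edit "WAN"
        set interface "wan1" "wan2"
    next
end

# After, step 3: recreate the policy referencing the zones, never "any".
config firewall policy
    edit 10
        set srcintf "LAN"
        set dstintf "WAN"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
    next
end
```

Once an interface belongs to a zone it can only be referenced through the zone, so every policy that used the member interface by name must be rewritten, not just the one that used "any". A zone with "set intrazone deny" (the default) also blocks traffic between its own members, which the old "any" policy would have allowed; add an explicit LAN-to-LAN policy if that traffic is still wanted.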