What action does a "deny" policy take in FortiGate?

Prepare for the Fortinet FortiGate 7.4 Administrator exam with detailed insights and expert tips. Master FortiGate configurations and security protocols to ace your certification. Equip yourself with the knowledge to pass confidently.

A "deny" policy in FortiGate is designed to block any traffic that matches the defined criteria of the policy. This means that when a packet or a flow of traffic meets the conditions specified in the deny policy, FortiGate will not allow that traffic to continue through the firewall. This type of policy is essential for maintaining security, as it ensures that unwanted or harmful traffic does not enter or traverse the protected network.

For example, if a deny rule is established to block traffic from a specific IP address or to a certain port, any packets that meet these criteria will be dropped, preventing access to or from that address or port. This helps in enforcing security policies, isolating malicious entities, and reducing the attack surface.

The other options describe behaviors that allow or manage traffic in a less restrictive manner, which does not apply to a deny policy. Allowing traffic without restriction, logging without blocking, and redirecting traffic all involve actively handling the traffic, in contrast to the fundamental purpose of a deny policy, which is to prohibit access entirely.
