Technical Tip: Forward traffic logs are not displayed (disk logs)

Log all sessions should be enabled under Policy & Objects -> Firewall Policy.

Make sure forward-traffic is enabled under log filter. 

# show full log disk filter | grep forward
set forward-traffic enable    <--

To check if logging is enabled in the policy, use this command.

FG100D-1 (policy) # sh full | grep log
    set logtraffic utm

FG100D-1 (policy)  end

From the above output, only UTM logs are enabled, so change it to all.

config firewall policy
    edit <policy id>
        set logtraffic all
end

The severity needs to be set to 'Information' to view traffic logs from the disk.

config log disk filter

    set severity information

end

Note:

On FortiGate-30G, disk logging is limited to 'Event' logs only. For more information, refer to this KB article: Technical Tip: Limitations of Disk Logging on FortiGate-30G Firewalls