Troubleshooting Tip: In explicit proxy, the 'url' column is not observed in forward logs for policies with the accept action

Currently this is as per design in the FortiGate.

Policy with ACCEPT action:

date=2025-12-08 time=11:01:51 eventtime=1765188111637297855 tz="+0100" logid="0000000010" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.12.18.10 srcport=50021 srcintf="port3" srcintfrole="undefined" dstcountry="United States" srccountry="Reserved" dstip=151.101.0.81 dstport=443 dstintf="port1" dstintfrole="undefined" sessionid=26172 service="HTTPS" proxyapptype="web-proxy" proto=6 action="accept" policyid=2 policytype="proxy-policy" trandisp="snat" transip=10.5.14.20 transport=15022 appcat="unscanned" duration=4 wanin=8179 rcvdbyte=8179 wanout=2452 lanin=2662 sentbyte=2662 lanout=8251

Policy with DENY action:

date=2025-12-08 time=11:02:49 eventtime=1765188168799632704 tz="+0100" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.12.18.10 srcport=50344 srcintf="port3" srcintfrole="undefined" dstip=151.101.0.81 dstport=443 dstintf="port1" dstintfrole="undefined" srccountry="Reserved" dstcountry="United States" sessionid=26494 proto=6 action="deny" policyid=3 policytype="policy" service="HTTPS" trandisp="noop" url="https://bbc.com/" agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36" appcat="unscanned" duration=0 sentbyte=206 rcvdbyte=0 sentpkt=0 rcvdpkt=0 crscore=30 craction=131072 crlevel="high" msg="Traffic denied because of explicit proxy policy"

After performing the following change, the 'dstname' column will be observed in logs.

config log setting
    set resolve-ip enable <-----
end

Related articles: 
Configuring FortiGate and FortiAnalyzer to resolve IPs to hostnames 
How to show accessed URLs and resolve hostnames in forward traffic log 

date=2025-12-09 time=15:22:59 eventtime=1765290179111579630 tz="+0100" logid="0000000010" type="traffic" subtype="forward" level="notice" vd="root" srcip=10.12.18.10 srcname="10.12.18.10" srcport=50897 srcintf="port3" srcintfrole="undefined" dstcountry="Germany" srccountry="Reserved" dstip=151.101.0.81 dstname="bbc.com" dstport=443 dstintf="port1" dstintfrole="undefined" sessionid=27034 service="HTTPS" proxyapptype="web-proxy" proto=6 action="accept" policyid=2 policytype="proxy-policy" trandisp="snat" transip=10.5.146.205 transport=4826 appcat="unscanned" duration=2 wanin=4438 rcvdbyte=4438 wanout=1873 lanin=2077 sentbyte=2077 lanout=4510

However, the 'dstname' column is not exactly the same as the 'url' column.

If the Web Filter profile is configured in the firewall policy, it is possible to see the 'url' column in web filter logs.

date="2023-12-09" time="17:41:37" id=7210195688406122522 type="utm" subtype="webfilter" level="notice" action="passthrough" policyid=1 srcip="10.12.18.10" dstip="208.89.12.87" srcport=50255 dstport=443 proto=6 logid="0317013312" service="HTTPS" srcintfrole="lan" dstintfrole="undefined" direction="outgoing" ratemethod="domain" reqtype="referral" url="https://va.v.liveperson.net/api/js/30187337?sid=rVPhGcx-S6-IG0U437f2Fw&cb=lpCb16252x22237&t=ip&ts=1678779697336&pid=5512551495&tid=2136487101&vid=NmMDQ2YWUzN2E5N2VhNjAx" hostname="va.v.liveperson.net" profile="default" agent="Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36" catdesc="Information Technology" eventtype="ftgd_allow" srcintf="port2" dstintf="port1" referralurl="https://www.godaddy.com/en-ca" msg="URL belongs to an allowed category in policy" tz="-0700" policytype="proxy-policy" srccountry="Reserved" dstcountry="United States" httpmethod="GET" vd="root"