Troubleshooting Tip: Missing traffic logs on a VM when the ingress and egress interface are the same for the traffic
| Description | This article explains why no traffic logs are displayed on the FortiGate when traffic ingresses and egresses through the same interface. |
| Scope | FortiGate-VM. |
| Solution | This is a common scenario in cloud or VM environments where traffic is expected to ingress and egress through the same interface, for example when the FortiGate acts as a one-arm sniffer or is used for SNAT. A packet capture (diagnose sniffer packet) shows the traffic arriving on port2 and leaving through the same interface: |

```
2025-03-19 10:54:49.603554 port2 in 10.212.105.163.59880 -> 10.20.134.15.443: syn 940505181
```

This is expected behavior when 'allow-traffic-redirect' is enabled under the system global settings: the traffic is redirected instead of flowing through the policy set, so no policy processes it and no traffic log is produced for it. The setting is enabled by default, but it can be changed under the system global settings, for example to disable it:

```
config system global
    set allow-traffic-redirect disable
end
```

Starting from FortiOS v7.6.5, 'set allow-traffic-redirect' is disabled by default; hairpin traffic as described above must now match a firewall policy instead of being forwarded. For the change in behavior, see: .

Note: Starting from versions v7.0.16, v7.2.11, v7.4.4, and v7.6.0, FortiGate changed its traffic handling: enabling allow-traffic-redirect bypasses the need for a firewall policy or an existing session, so the traffic is redirected seamlessly, whereas disabling allow-traffic-redirect causes the FortiGate to check for a firewall policy matching the traffic.

The command is not supported on FortiProxy.
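To confirm that traffic is hairpinning (entering and leaving on the same interface) before deciding whether the missing logs are explained by allow-traffic-redirect, it helps to parse the sniffer output rather than eyeball it. The following Python script is an added example, not Fortinet code: it groups 'diagnose sniffer packet' summary lines into flows and reports any flow that has both an 'in' and an 'out' packet on one interface. The first sample line is the one quoted above; the other lines, the function names and the 192.168.1.10 flow are constructed for the example.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample of 'diagnose sniffer packet' output. The first line is the
# one quoted in the article; the remaining lines are constructed here to show
# the same flow leaving on port2 again (hairpin) and, for contrast, an ordinary
# flow that enters on port1 and leaves on port2.
SAMPLE_SNIFFER_OUTPUT = """\
2025-03-19 10:54:49.603554 port2 in 10.212.105.163.59880 -> 10.20.134.15.443: syn 940505181
2025-03-19 10:54:49.603590 port2 out 10.212.105.163.59880 -> 10.20.134.15.443: syn 940505181
2025-03-19 10:54:49.604211 port2 in 10.20.134.15.443 -> 10.212.105.163.59880: syn 1765432101 ack 940505182
2025-03-19 10:54:49.604240 port2 out 10.20.134.15.443 -> 10.212.105.163.59880: syn 1765432101 ack 940505182
2025-03-19 10:54:50.100001 port1 in 192.168.1.10.51000 -> 10.20.134.20.80: syn 555000111
2025-03-19 10:54:50.100040 port2 out 192.168.1.10.51000 -> 10.20.134.20.80: syn 555000111
"""

# One summary line: "<date> <time> <iface> <in|out> <src.ip.port> -> <dst.ip.port>: <flags ...>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<iface>\S+) (?P<dir>in|out) "
    r"(?P<src>\S+) -> (?P<dst>\S+): (?P<rest>.*)$"
)

Endpoint = Tuple[str, int]
FlowKey = Tuple[Endpoint, Endpoint]


def split_endpoint(ep: str) -> Endpoint:
    """'10.212.105.163.59880' -> ('10.212.105.163', 59880); the port is the last dotted field."""
    ip, port = ep.rsplit(".", 1)
    return ip, int(port)


def flow_key(src: str, dst: str) -> FlowKey:
    """Direction-agnostic key so request and reply packets land in the same flow."""
    a, b = split_endpoint(src), split_endpoint(dst)
    return (a, b) if a <= b else (b, a)


def parse_sniffer(text: str) -> Dict[FlowKey, Dict[str, Set[str]]]:
    """Map each flow to {interface: {'in', 'out'}} as observed in the capture."""
    flows: Dict[FlowKey, Dict[str, Set[str]]] = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip hex dumps or any other non-summary lines
        flows[flow_key(m["src"], m["dst"])][m["iface"]].add(m["dir"])
    return flows


def find_hairpin_flows(text: str) -> List[Tuple[str, str, str]]:
    """Return (interface, endpoint_a, endpoint_b) for every flow seen both entering and leaving one interface."""
    hits = []
    for (a, b), ifaces in parse_sniffer(text).items():
        for iface, dirs in ifaces.items():
            if {"in", "out"} <= dirs:
                hits.append((iface, f"{a[0]}:{a[1]}", f"{b[0]}:{b[1]}"))
    return sorted(hits)


def default_allow_traffic_redirect(fortios_version: str) -> bool:
    """Default of 'allow-traffic-redirect' as stated in the article: enabled before 7.6.5, disabled from 7.6.5."""
    parts = tuple(int(p) for p in fortios_version.lstrip("vV").split("."))
    return parts < (7, 6, 5)


if __name__ == "__main__":
    for iface, a, b in find_hairpin_flows(SAMPLE_SNIFFER_OUTPUT):
        print(f"hairpin on {iface}: {a} <-> {b}")
    for v in ("v7.4.4", "v7.6.5"):
        state = "enabled" if default_allow_traffic_redirect(v) else "disabled"
        print(f"{v}: allow-traffic-redirect {state} by default")
```

Feed the script the saved output of a sniffer run (with the 'in'/'out' direction visible, i.e. verbose level 4 or higher) and any flow it reports as a hairpin is one that, on a FortiOS release where allow-traffic-redirect is still enabled, will be redirected without a policy match and therefore without a traffic log; on v7.6.5 and later, or after disabling the setting, the same flow must be allowed by a firewall policy, which is where logging can then be enabled.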
