Technical Tip: How to troubleshoot when FortiManager tries to unset fwpolicy-implicit-log

1. When performing a policy package installation, the user may come across the scenario where FortiManager is trying to unset fwpolicy-implicit-log within the installation preview although the fwpolicy-implicit-log is already set to enabled in the device database.

config log setting

    unset fwpolicy-implicit-log enable

end

2. The user can verify the implicit log configuration of the firewall policy within the policy package. If the implicit log is set to 'Disable' or 'No Log' within the firewall policy, FortiManager will try to disable the implicit log setting during the policy package installation.
3. To ensure FortiManager does not disable the implicit log setting during policy package installation, ensure 'Log IPv4/6 Violation Traffic' is enabled in the firewall policy within the policy package.