Leovigildo
New Member
September 28, 2024
Question

Do not show the policies found in Firewall policy (Implicit Deny) in FortiAnalyzer.


I have a FortiGate F2K60FTK21900432 FortiGate proxy.

We have explicit-web-proxy policies that we normally use, and their logs are sent to FortiAnalyzer. Example:

But we also have the Implicit Deny policy found in Firewall Policy.

My problem is that the logs of the latter (Implicit Deny - Firewall Policy) appear in FortiAnalyzer, and I do not want to have them because they generate confusion when analyzing the traffic in FortiAnalyzer.


Question: How can I prevent these logs from being sent to FortiAnalyzer?
Thanks for your help, team.

3 replies

ebilcari
Staff
September 28, 2024

You can check in the policy whether the option 'Log IPv4 Violation Traffic' is enabled, as shown here.

Emirjon
Leovigildo
New Member
September 29, 2024

Hello ebilcari, thank you for your cooperation, but:

I had already seen this information on that website; anyway, I did the test, but I still see these local logs in my FortiAnalyzer.
To be exact, there are:
Forward Traffic - the ones I want to see in FortiAnalyzer
Local Traffic - I don't want to see them in FortiAnalyzer

abelio
SuperUser
September 29, 2024

Hello Leovigildo,

Could you please share with the forum the output of the "show full log setting" CLI command on that FortiGate?

Leovigildo
New Member
September 30, 2024

PROXY_MFG12_1  # show full log setting
config log setting
set resolve-ip disable
set resolve-port enable
set log-user-in-upper disable
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set log-invalid-packet disable
set local-in-allow disable
set local-in-deny-unicast disable
set local-in-deny-broadcast disable
set local-out enable
set local-out-ioc-detection enable
set neighbor-event disable
set brief-traffic-format disable
set user-anonymize disable
set fortiview-weekly-data disable
set expolicy-implicit-log enable
set log-policy-comment disable
set faz-override disable
set syslog-override disable
set rest-api-set disable
set rest-api-get disable
end

This is my proxy configuration. [Attachment: Undesirable traffic in Fortianalyzer.png]
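Added example (not written by any poster in this thread and not Fortinet code): a short Python audit of `show full log setting` output such as the one posted above, listing which implicit-policy and local-traffic logging options are set to `enable`. The option names come from the posted output; the category labels attached to them are an assumption based on those names and should be checked against the CLI reference for the firmware in use.

```python
# Added example: audit "show full log setting" output for traffic-log toggles.
# Assumption: the category labels are inferred from the FortiOS option names;
# confirm them in the CLI reference for your firmware version.
WATCHED = {
    "fwpolicy-implicit-log": "implicit deny, IPv4 firewall policy",
    "fwpolicy6-implicit-log": "implicit deny, IPv6 firewall policy",
    "expolicy-implicit-log": "implicit deny, explicit proxy policy",
    "local-in-allow": "local traffic: allowed, to the FortiGate",
    "local-in-deny-unicast": "local traffic: denied unicast",
    "local-in-deny-broadcast": "local traffic: denied broadcast",
    "local-out": "local traffic: originated by the FortiGate",
}

def parse_log_setting(text):
    """Return {option: value} from the 'config log setting' block only."""
    settings, inside = {}, False
    for raw in text.splitlines():
        words = raw.split()
        if words[:3] == ["config", "log", "setting"]:
            inside = True
        elif inside and words[:1] == ["end"]:
            break  # ignore anything pasted after the block
        elif inside and len(words) >= 3 and words[0] == "set":
            settings[words[1]] = " ".join(words[2:])
    return settings

def enabled_log_sources(text):
    """List (option, category) pairs for watched options set to 'enable'."""
    settings = parse_log_setting(text)
    return [(k, WATCHED[k]) for k in WATCHED if settings.get(k) == "enable"]

# Excerpt of the output posted in the thread, CLI prompt line included.
SAMPLE = """PROXY_MFG12_1  # show full log setting
config log setting
set fwpolicy-implicit-log disable
set fwpolicy6-implicit-log disable
set local-in-allow disable
set local-in-deny-unicast disable
set local-in-deny-broadcast disable
set local-out enable
set local-out-ioc-detection enable
set expolicy-implicit-log enable
set faz-override disable
end
"""

if __name__ == "__main__":
    for option, category in enabled_log_sources(SAMPLE):
        print(f"{option}: enable -> {category}")
```

Run against the posted configuration, it reports `expolicy-implicit-log` and `local-out` as the watched options still enabled.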
