Magroll73
New Member
November 9, 2022
Solved

Fortigate Logging Problem


Hi, I have a strange error with logging.

I have two test VMs (10.244.15.41 and 10.244.14.109) in AWS, segmented by a Fortigate 7.2.2.

  • First I did an SSH connection from 10.244.15.41 to 10.244.14.109
  • As the next step I pinged 8.8.8.8 from 10.244.14.109

But the Fortigate logging shows the connections in the wrong order, with a 3-minute delay!


 

| Date Time | Source IP | Destination IP | Protocol | Action | Rule |
|---|---|---|---|---|---|
| 2022/11/09 09:44:47 | 10.244.15.41 | 10.244.14.109 | SSH | ACCEPT | AWS-Internal |
| 2022/11/09 09:41:38 | 10.244.14.109 | 8.8.8.8 | PING | ACCEPT | AWS-External |

 

Has anyone an explanation for this?

 

ThX Mag

Best answer by distillednetwork


1 reply

distillednetwork
Explorer II
November 9, 2022

Unless you change the setting in the policies, the data is logged when the session closes. So with ICMP, it is opened and then closed right away. An SSH session will stay in the session list longer and will be added to the forward traffic logs after the session ends.
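
The effect described in the answer can be undone when building a timeline from forward traffic logs. The following is an added example, not part of the original thread and not Fortinet code: it treats each log timestamp as the session end and subtracts the `duration` field (seconds) to recover the session start. The sample lines and their `duration` values are constructed to match the question; function names are hypothetical.

```python
import shlex
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value style; the duration values
# are assumptions chosen to match the timeline in the question.
SAMPLE_LOGS = [
    'date=2022-11-09 time=09:41:38 srcip=10.244.14.109 dstip=8.8.8.8 '
    'service="PING" action="accept" policyname="AWS-External" duration=1',
    'date=2022-11-09 time=09:44:47 srcip=10.244.15.41 dstip=10.244.14.109 '
    'service="SSH" action="accept" policyname="AWS-Internal" duration=300',
]

def parse_line(line):
    """Split one key=value log line into a dict (shlex handles quoted values)."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def session_window(fields):
    """Return (start, end). With logging at session close, the log timestamp
    is the session end, so start = end - duration."""
    end = datetime.strptime(f"{fields['date']} {fields['time']}",
                            "%Y-%m-%d %H:%M:%S")
    duration = int(fields.get("duration", 0))  # no duration field: treat as 0
    return end - timedelta(seconds=duration), end

def order_by_start(lines):
    """Rebuild the timeline in the order the sessions were opened."""
    rows = []
    for line in lines:
        f = parse_line(line)
        start, end = session_window(f)
        rows.append({"start": start, "end": end, "srcip": f["srcip"],
                     "dstip": f["dstip"], "service": f["service"]})
    return sorted(rows, key=lambda r: r["start"])

if __name__ == "__main__":
    for r in order_by_start(SAMPLE_LOGS):
        print(f"{r['start']:%H:%M:%S} -> {r['end']:%H:%M:%S}  "
              f"{r['srcip']} -> {r['dstip']}  {r['service']}")
```

In the FortiOS CLI, the policy setting the answer refers to is `set logtraffic-start enable` under `config firewall policy`; with it enabled, a log entry is also written when the session opens.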