Question: How to view connection attempts denied by firewall

Eric_Robinson
New Member
January 12, 2012
(4 replies, 13588 views)
I have a vendor who is trying to connect through our Fortinet to an internal server. I have set up all of the firewall rules and virtual IP mapping, but he can not connect. Is there some log or monitor on the Fortinet that I can view his connection attempts and see if or why the Fortinet is refusing the connection?

    4 replies

    Matthijs
    New Member
    January 12, 2012
    You should have the implicit deny rule on the bottom. Check the box that states: "Log violation traffic". Turn on logging to memory on Log&Report to check what happens.

    Another option is to run a "wireshark" on the command line (tcpdump). Log in to the CLI of your Fortinet and provide the command below (replace x.x.x.x with the IP address of the vendor or the IP address of the internal server):

        diagnose sniffer packet any 'host x.x.x.x'

    If you see traffic going in 2 ways you should be OK. If this causes your screen to flow too fast you might want to specify more information, like a port. Example:

        diagnose sniffer packet any 'host x.x.x.x and port 80'
    emnoc
    New Member
    January 12, 2012
    One more means is to use the diagnose debug flow and monitor a specific host/port for traffic being denied (might be just as equal or better output than the CLI tcpdump; self-explanatory with traffic being denied & by which policy-id and interface, IMHO):

        diagnose debug enable
        diagnose debug flow filter addr x.x.x.x
        diagnose debug flow show console enable
        diag debug flow show function-name enable
        diagnose debug flow trace start 200

    This is great when you're looking at a certain host or port#s & for drops. NOTE: Increase your flow trace count to best suit your needs.
    Eric_Robinson
    New Member
    January 12, 2012
    Thanks for all the valuable inputs so far. I was reading the technical note:

        FortiGate Logging with FortiOS 3.0 Technical Note
        Version 3.0, 27 November 2006, 01-30000-0381-20061127

    which states that I can go to System > Network > Interface and turn on logging. When I do navigate to these interface settings, there is no option for logging. The Fortigate unit I have is: Fortigate-50B 3.00-b0568 (MR5 Patch 3). I have set logging level to notification, so I'm not sure why I can not find the traffic logging features.
    ede_pfau
    SuperUser
    January 13, 2012
    Traffic logging is at a lower level, "information". Also, in 3.00 you don't have a visible Implicit Deny policy. You do have one, but it's invisible. Just create a new policy from 'wan' to 'internal', for all sources to all destinations, all services, action DENY, check Logging. That should do it.
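Once the deny policy is logging, the useful next step is to pull the vendor's denied attempts out of the exported traffic log and see which policy and port they hit. The script below is an added example, not code from the thread or from Fortinet; it parses FortiGate-style key=value log lines, and the field names (srcip, dstip, dstport, action, policyid) and the sample lines are assumptions constructed for the example, not taken from the poster's unit.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value syslog style (assumption:
# field names follow current FortiOS traffic logs; policyid=0 stands for
# the implicit deny, a non-zero id for an explicit deny policy).
SAMPLE_LOG = """\
date=2012-01-12 time=10:01:05 type=traffic srcip=203.0.113.10 srcport=51000 srcintf="wan1" dstip=192.0.2.25 dstport=3389 dstintf="internal" proto=6 action=deny policyid=0
date=2012-01-12 time=10:01:07 type=traffic srcip=203.0.113.10 srcport=51001 srcintf="wan1" dstip=192.0.2.25 dstport=3389 dstintf="internal" proto=6 action=deny policyid=0
date=2012-01-12 time=10:01:09 type=traffic srcip=203.0.113.10 srcport=51002 srcintf="wan1" dstip=192.0.2.25 dstport=443 dstintf="internal" proto=6 action=accept policyid=7
date=2012-01-12 time=10:01:11 type=traffic srcip=198.51.100.8 srcport=40000 srcintf="wan1" dstip=192.0.2.25 dstport=22 dstintf="internal" proto=6 action=deny policyid=12
"""

# key=value pairs; quoted values may contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def denied_for_host(log_text, host):
    """Return the deny entries in which host is the source or the destination."""
    entries = (parse_line(l) for l in log_text.splitlines() if l.strip())
    return [e for e in entries
            if e.get("action") == "deny"
            and host in (e.get("srcip"), e.get("dstip"))]


def summarize(entries):
    """Count denies per (policy id, destination port) so the blocking rule stands out."""
    return Counter((e["policyid"], e["dstport"]) for e in entries)


if __name__ == "__main__":
    # Usage: the vendor's public address is the constructed 203.0.113.10.
    hits = denied_for_host(SAMPLE_LOG, "203.0.113.10")
    for (policy, port), n in summarize(hits).most_common():
        print(f"policyid={policy} dstport={port} denied={n}")
```

A policyid of 0 in the summary points at the implicit deny, i.e. no rule matched at all, while a non-zero id names the explicit policy that refused the connection.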