Logging of dropped traffic on external interface

Question from Contributor, November 2, 2010 (8 replies, 13802 views)

Hi all, new to the forum. I recently purchased a FortiGate 60C (v4.0,build5352,101007 (MR2)) for my home and love it so far. I'm trying to monitor the traffic that is dropped on my external (untrusted) interface without any luck. I have turned on logging on the implicit (drop all) built-in rule, but all that is being logged is internal (trusted) traffic that is dropped. I have also attempted to create a new rule with the source being the external interface and the destination the internal one, and placed it at the bottom just above the implicit drop policy. Am I missing something? I find it helpful to see what's actually getting dropped, but in the week that it's been online not one packet has been dropped and logged from the Internet. Thanks in advance.

abelio, SuperUser
November 3, 2010
hello and welcome, use CLI to send the following commands:

    config system global
        set loglocaldeny enable
    end

That will enable logging of failed connection attempts to your 60C that use TCP/IP ports other than those for management access. It's a resource-consuming setting, so keep an eye on it. regards,
Contributor
November 3, 2010

    set loglocaldeny enable

Perfect!! Thank you. This is on my home network, so hopefully it won't consume too many resources.
    Contributor
    November 5, 2010
    Is there a CLI command to disable the logging of dropped broadcast traffic? The above command enables me to see dropped external traffic but it also gives me internal netbios broadcasts. Thanks
ede_pfau, SuperUser
November 5, 2010
You may try:

    config system interface
        edit "internal"
            set broadcast-forward disable
            set netbios-forward disable
        next
    end
Contributor
November 5, 2010
Thanks. That doesn't seem to do anything noticeable. I'm still getting tons of subnet broadcasts advertising NetBIOS. For now, I've just set up a filter for a source interface of wan1, but I would like to be able to stop the logging of this traffic if possible.
Contributor
February 25, 2011
I have the same problem. After:

    config system global
        set loglocaldeny enable
    end

I'm getting tons of subnet NetBIOS broadcasts. How can I exclude these messages from the logs?
Incelli, New Member
January 25, 2012
Hi, you can try:

    config log disk
        set extended-traffic-log disable
MitchK, New Member
March 6, 2012
My theory, although I haven't tried it, is to create a rule permitting NetBIOS broadcasts. In the config for the rule, do not check "log allowed traffic". This would make the broadcasts allowed, but they would not be logged anymore.
MitchK, New Member
March 7, 2012
Unfortunately, you can't construct the rule I mentioned above. It's outrageous that Fortinet provides no method to suppress these broadcasts.