Skip to main content
Saffana
Saffana
New Member
August 19, 2016
Question

'Not scanned' Reports

  • August 19, 2016
  • 1 reply
  • 11354 views

Hey,

The Applications and Bandwidth reports of all our customers have 99% of the bandwidth as 'not scanned'. Why is this so? In spite of us turning on the Application Control filter for all of the policies.

 

    1 reply

    Jim_FH
    Jim_FH
    New Member
    January 14, 2017

    Just wondering if you ever got resolution for this?

     

    I think i had to turn all my application sensor categories to "monitor" instead of "allow" for the logs to show the application (and not show 'not.scanned').  

     

    However, i still see "not.scanned" for a small amount of connections.  I'm going to get a ticket open with TAC and see what they say.  

    hmtay_FTNT
    Staff
    hmtay_FTNT
    Staff
    February 24, 2017

    Hello Saffana, Jim,

     

    Can I know what is your FortiOS version? In older FortiOS, the "appcat=Not.Scanned" logs show up if you set the policy to log all traffic and you do not enable an Application Control sensor. That is the most common case.

     

    The other case is mentioned by Jim. If the Application Control sensor is set to Allow, they wont be displayed in the logs. Therefore, if you set the policy to log all traffic and the signatures' action is Allow, you will get the "Not.Scanned" logs too. 

     

    If you are seeing the problem from the FortiAnalyzer, there is a bug with FortiOS 5.2.3 and below with the transmission of information between the FortiGate and FortiAnalyzer that causes "Not.Scanned" to be shown on the FortiAnalyzer when an "unknown" traffic is detected. By "unknown", it means we do not have a signature that detects the session. If you are using FortiOS 5.4 or 5.2.4 and above, you should not be affected by this bug.

     

    HoMing

     

    Terms & ConditionsAccessibility statement