Description | This article describes how to capture logs for local intra-zone traffic when intra-zone traffic is set to allow. |
Scope |
FortiGate |
Solution |
LAN port 2 and port 4 are part of the zone. Both interfaces are used for local traffic.
Configuration:
config system zone
show
config system zone
    edit "zone"
        set intrazone allow    <- This setting allows communication between interfaces that are part of the zone.
        set interface "port2" "port4"
end
Because intra-zone traffic is allowed in the configuration, the port2 subnet can reach the port4 subnet and vice versa without a firewall policy. Because the zone interface is not used in a firewall policy, this traffic does not show in the forward policy logs. Intra-zone local traffic logs show under Local Traffic in Log & Report.
First, enable local traffic logs in the log settings.
Then check the local intra-zone traffic in the Local Traffic logs.
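To find every place where this applies, the added example below (not Fortinet code) parses `show system zone` output and lists the interface pairs that can talk without a firewall policy, so their traffic has to be looked for in the Local Traffic logs. The "dmz" zone in the sample, the function names, and treating a missing `set intrazone` line as deny are assumptions of the example.

```python
import re
from itertools import combinations

# Constructed sample in the shape of `show system zone` output. The "zone"
# entry mirrors the article; "dmz" is an assumption added for contrast.
SAMPLE_CONFIG = '''
config system zone
    edit "zone"
        set intrazone allow
        set interface "port2" "port4"
    next
    edit "dmz"
        set interface "port5" "port6"
    next
end
'''

def parse_zones(text):
    """Return {zone_name: {"intrazone": str, "interfaces": [str, ...]}}."""
    zones, current, depth = {}, None, 0  # depth 1 = inside the zone table
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            # Track nested config blocks so their edit/end lines are ignored.
            depth = depth + 1 if (depth or line == "config system zone") else 0
        elif line == "end" and depth:
            depth -= 1
        elif depth != 1:
            continue
        elif line.startswith("edit "):
            current = line[5:].strip().strip('"')
            # Assumption: no "set intrazone" line means the zone denies it.
            zones[current] = {"intrazone": "deny", "interfaces": []}
        elif line.startswith("set intrazone ") and current:
            zones[current]["intrazone"] = line.split()[2]
        elif line.startswith("set interface ") and current:
            zones[current]["interfaces"] = re.findall(r'"([^"]+)"', line)
        elif line == "next":
            current = None
    return zones

def unpoliced_pairs(zones):
    """Interface pairs that exchange traffic with no firewall policy."""
    pairs = []
    for name, zone in zones.items():
        if zone["intrazone"] == "allow":
            pairs += [(name, a, b) for a, b in combinations(zone["interfaces"], 2)]
    return pairs

if __name__ == "__main__":
    for zone, a, b in unpoliced_pairs(parse_zones(SAMPLE_CONFIG)):
        print(f"zone {zone}: {a} <-> {b} bypasses policy; check Local Traffic logs")
```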
|
Copyright 2025 Fortinet, Inc. All Rights Reserved.