FortiGate
Description
How to log violation traffic (traffic hitting a firewall policy with action DENY) on a Virtual IP (VIP).
Components
  • All FortiGate units
  • See also related article "Technical Tip : configuring a Firewall Policy with action = DENY to log unauthorized traffic, also called "Violation Traffic""
Steps or Commands

To log violation traffic on a Virtual IP (VIP), add a clean-up DENY policy at the end of the firewall policy list with the VIP object as the destination address. If the destination address of the clean-up policy is "all" instead of the VIP, traffic denied on the VIP is not logged.

The following is a sample CLI configuration.

config firewall vip
    edit "MY_VIP"
        set extip 192.168.1.1
        set extintf "external"
        set mappedip 10.0.0.1
    next
end
config firewall policy
    edit 1
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "MY_VIP"
        set action deny
        set schedule "always"
        set service "ANY"
        set logtraffic enable
    next
end
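To verify that a saved FortiGate configuration actually contains such a logging clean-up DENY policy for every VIP, the following script (an added example, not Fortinet's code) parses the `config firewall vip` and `config firewall policy` sections of a FortiOS CLI backup and reports every VIP that is not the destination of a deny policy with `set logtraffic` enabled. The embedded configuration is constructed for the example; a policy with no `set action` line is treated as deny, which is the FortiOS default, and a destination of "all" is not counted as covering a VIP, in line with the behaviour described above. The parser assumes no nested `config` blocks inside an entry.

```python
"""Audit a FortiOS CLI configuration for a logging clean-up DENY policy per VIP."""
import re

# Constructed sample backup: WEB_VIP only has an accept policy, MY_VIP has the
# clean-up deny policy from the article.
SAMPLE_CONFIG = """\
config firewall vip
    edit "MY_VIP"
        set extip 192.168.1.1
        set extintf "external"
        set mappedip 10.0.0.1
    next
    edit "WEB_VIP"
        set extip 192.168.1.2
        set extintf "external"
        set mappedip 10.0.0.2
    next
end
config firewall policy
    edit 1
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "WEB_VIP"
        set action accept
        set schedule "always"
        set service "HTTP"
    next
    edit 2
        set srcintf "external"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "MY_VIP"
        set action deny
        set schedule "always"
        set service "ANY"
        set logtraffic enable
    next
end
"""


def parse_sections(text):
    """Return {section_name: [entry, ...]} for each top-level config section.

    Each entry maps "name" to the edit id and every ``set key value ...`` line
    to the list of its unquoted values. Only one level of edit/next nesting is
    handled (assumption: no nested config blocks), which suffices for the vip
    and policy tables.
    """
    sections = {}
    section = None
    entry = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            section = line[len("config "):]
            sections.setdefault(section, [])
        elif line.startswith("edit ") and section is not None:
            entry = {"name": line[len("edit "):].strip('"')}
        elif line.startswith("set ") and entry is not None:
            key, _, rest = line[len("set "):].partition(" ")
            # values may be quoted ("My VIP") or bare (192.168.1.1)
            entry[key] = [v.strip('"') for v in re.findall(r'"[^"]*"|\S+', rest)]
        elif line == "next" and entry is not None:
            sections[section].append(entry)
            entry = None
        elif line == "end":
            section = None
    return sections


def uncovered_vips(text):
    """Return sorted VIP names lacking a deny policy with traffic logging enabled."""
    sections = parse_sections(text)
    vips = {v["name"] for v in sections.get("firewall vip", [])}
    covered = set()
    for pol in sections.get("firewall policy", []):
        action = pol.get("action", ["deny"])[0]          # FortiOS default is deny
        logging = pol.get("logtraffic", ["disable"])[0]  # "enable" (older) or "all" (newer)
        if action == "deny" and logging in ("enable", "all"):
            # intersecting with vips drops "all": it does not log VIP violations
            covered.update(set(pol.get("dstaddr", [])) & vips)
    return sorted(vips - covered)


if __name__ == "__main__":
    for vip in uncovered_vips(SAMPLE_CONFIG):
        print(f"VIP {vip}: no logging clean-up DENY policy found")
```

Run it against a backup taken with `execute backup config` (or paste the relevant sections) to confirm that each VIP you want audited appears as `dstaddr` of a deny policy with logging on; with the constructed sample it reports only WEB_VIP.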