FortiGate
bthomaj
Staff
Description
Session or connection attempts made to a FortiGate interface itself (local-in traffic) are, by default, not logged when they are denied. The settings below can be configured so that this denied traffic is logged.

Scope
FortiOS 2.80, 3.x,4.x,5.x

Solution
FortiOS 2.8, 3.x

1. Enable logging of the denied traffic.

Fortigate # config sys global
(global)# set loglocaldeny enable
(global)# end


You can then check with 'get sys global' to confirm that loglocaldeny is enabled.

2. Create a deny policy from external to internal and check the logs.

FortiOS 4.x

Fortigate # config system global
(global)# set fwpolicy-implicit-log enable
(global)# set loglocaldeny enable
(global)# end


This will log denied traffic on implicit Deny policies.

Optional: You can create deny policy and log traffic.

FortiOS 5.x

Fortigate # config log setting
(setting)# set fwpolicy-implicit-log enable
(setting)# end


This will log denied traffic on implicit Deny policies.

Optional: You can create a deny policy and log traffic.

To do this, create a policy with Action DENY. A DENY policy blocks the matching sessions, and logging of the denied traffic can optionally be enabled on it. If no security policy matches the traffic, the packets are dropped by the implicit deny policy. An explicit DENY security policy is needed when the denied traffic, also called "violation traffic", must be logged with the policy details.
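The following is an added example of such an explicit deny policy with logging, written in FortiOS 5.x CLI syntax; it is not part of the original article. The interface names wan1 and internal, and the comment text, are assumptions and must be replaced with the interfaces of the unit being configured. 'edit 0' creates a new policy with the next free ID; if the policy must sit above existing policies in the sequence it has to be moved afterwards, because policies are evaluated top down and the implicit deny only logs traffic that no earlier policy matched.

```text
Fortigate # config firewall policy
(policy)# edit 0
(0)# set srcintf wan1
(0)# set dstintf internal
(0)# set srcaddr all
(0)# set dstaddr all
(0)# set action deny
(0)# set schedule always
(0)# set service ALL
(0)# set logtraffic all
(0)# set comments "Log denied external to internal traffic"
(0)# next
(policy)# end
```

With 'set logtraffic all' on a deny policy, each blocked session is written to the traffic log with the policy ID of this rule, which makes it easy to distinguish from sessions dropped by the implicit deny policy (logged with policy ID 0 when fwpolicy-implicit-log is enabled).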

Other settings to consider:

Fortigate # config log setting
(setting)# set local-in-deny-unicast enable
(setting)# set local-in-deny-broadcast enable
(setting)# end

Related Articles

How to configure the logging of Denied Traffic to a FortiGate interface
