Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hrahuman_FTNT
Staff
Staff

Created on ‎03-14-2022 10:59 PM Edited on ‎11-01-2024 09:11 AM By Moderator

Article Id 206881

Technical Tip: Difference between 'Security Events' and 'All session' in Log Allowed Traffic in Firewall Policy

Description This article describes the difference between 'Security Events' and 'All session' in Log Allowed Traffic in Firewall Policy.
Scope FortiGate.
Solution

Log 'Security Events' will only log Security (UTM) events (e.g. AV, IPS, firewall web filter), providing one of them has been applied to a firewall (rule) policy.

 

'Log all sessions' will include traffic log include both match and non-match UTM profile defined.

 

To edit the firewall policy logging in the web GUI:

 

gui_screenshot.jpg

 

To edit the firewall policy logging on the CLI:

 

config firewall policy
    edit 1
       set logtraffic {all | utm | disable}
    next
end

 

all Log all sessions accepted or denied by this policy.
utm Log traffic that has a security profile applied to it.
disable Disable all logging for this policy.
11847
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.