FortiGate
rbarnes
Staff
Article Id 301707
Description This article describes how to use free-style log filters to keep traffic to certain countries out of the logs, which some users need in order to save space on disk and on FortiAnalyzer. The example filters out 2 countries for 2 specific policies.
Scope FortiGate v7.2, v7.4.
Solution

The following configuration uses a free-style filter to match traffic when the policy is either Policy 3 or Policy 2 and the destination country is the US or Canada. The filter type for matching traffic is 'exclude', so this traffic will not be logged.

To apply the filter to a different log device, replace 'disk' in the first line with 'memory', 'fortianalyzer', etc.

config log disk filter
    config free-style
        edit 1
            set category traffic
            set filter "(((policyid 3) or (policyid 2)) and ((dstcountry \"United States\") or (dstcountry Canada)))"
            set filter-type exclude
        next
    end
end

Note: The command 'config free-style' is unavailable when FIPS-CC mode is enabled on the device.
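
To check which records an exclude filter like the one above would drop before applying it, the following added Python example (not part of the original article and not FortiOS code) evaluates the filter string against constructed sample log records. It handles only the syntax used in this filter (parentheses, and/or, field-value pairs); the key=value record layout and the left-to-right handling of unparenthesized operators are assumptions.

```python
import re

# Filter string from the configuration above, without the CLI backslash escaping.
FILTER = '(((policyid 3) or (policyid 2)) and ((dstcountry "United States") or (dstcountry Canada)))'

# Constructed sample records in key=value form (not captured from a real device).
SAMPLE_LOGS = [
    'type="traffic" policyid=3 dstip=198.51.100.10 dstcountry="United States" action="accept"',
    'type="traffic" policyid=2 dstip=203.0.113.7 dstcountry="Canada" action="accept"',
    'type="traffic" policyid=3 dstip=192.0.2.44 dstcountry="Germany" action="accept"',
    'type="traffic" policyid=5 dstip=198.51.100.20 dstcountry="United States" action="deny"',
]

def parse(text):
    """Parse to ('match', field, value) or (op, left, right); same-level operators go left to right (assumed)."""
    tokens = re.findall(r'\(|\)|"[^"]*"|[^\s()"]+', text)
    def term():
        if tokens[0] == "(":
            tokens.pop(0)
            node = expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return node
        return ("match", tokens.pop(0), tokens.pop(0).strip('"'))
    def expr():
        node = term()
        while tokens and tokens[0] in ("and", "or"):
            node = (tokens.pop(0), node, term())
        return node
    try:
        tree = expr()
    except IndexError:
        raise ValueError("filter ends unexpectedly") from None
    if tokens:
        raise ValueError("unexpected token: " + tokens[0])
    return tree

def matches(node, record):
    if node[0] == "match":
        return record.get(node[1]) == node[2]
    left, right = matches(node[1], record), matches(node[2], record)
    return (left and right) if node[0] == "and" else (left or right)

def still_logged(filter_text, lines):
    """Return the lines that survive a filter-type 'exclude' rule built from filter_text."""
    tree = parse(filter_text)
    fields = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
    return [l for l in lines
            if not matches(tree, {k: q or u for k, q, u in fields.findall(l)})]
```

Calling still_logged(FILTER, SAMPLE_LOGS) keeps the Germany record and the Policy 5 record, which confirms that the exclusion is limited to Policies 2 and 3 with a US or Canada destination.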

 

Related article:

Technical Tip: Using syslog free-style filters