Created on 01-31-2023 12:12 AM Edited on 08-13-2024 10:04 PM By Jean-Philippe_P
Description | This article describes how to enable logging for one-arm filter traffic. |
Scope | FortiGate. |
Solution |
In one-arm sniffer mode, the FortiGate examines and logs packets based on the configured IPS sensor and application control list.
If no UTM features are enabled on the one-arm sniffer interface, nothing is logged on the FortiGate or forwarded to FortiAnalyzer/memory.
Enable the UTM features (IPS, Application Control) on the sniffer policy (a one-arm sniffer interface cannot be used in a firewall policy). Traffic sent to the interface is then examined for matches to the configured IPS sensor and application control list and is logged to FortiAnalyzer/memory.
config firewall sniffer
Check the sniffer logs under Log & Report. |
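To audit an exported configuration for the condition described above (a sniffer policy with no UTM feature enabled, which therefore logs nothing), the following added example, which is not part of the original article or Fortinet's own tooling, parses the `config firewall sniffer` block and lists such policies. The sample configuration, interface names and function names are constructed; it assumes the `ips-sensor-status` and `application-list-status` settings as they appear in `show firewall sniffer` output.

```python
# Constructed sample in the style of `show firewall sniffer` output (not from the article).
SAMPLE_CONFIG = """
config firewall sniffer
    edit 1
        set interface "port3"
    next
    edit 2
        set interface "port4"
        set ips-sensor-status enable
        set ips-sensor "default"
        set application-list-status enable
        set application-list "default"
    next
end
"""
# Status keys for the two UTM features the article names (IPS, Application Control).
UTM_STATUS_KEYS = ("ips-sensor-status", "application-list-status")

def parse_sniffer_policies(text):
    """Return {policy_id: {setting: value}} from the `config firewall sniffer` block."""
    policies, current, depth = {}, None, 0
    for line in (raw.strip() for raw in text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config firewall sniffer" else 0
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a policy
        elif line == "end":
            depth -= 1
        elif depth > 1:
            continue  # skip settings that belong to a nested sub-table
        elif line.startswith("edit "):
            current = policies.setdefault(line[5:].strip().strip('"'), {})
        elif line == "next":
            current = None
        elif line.startswith("set ") and current is not None:
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return policies

def policies_without_utm(text):
    """Return [(policy_id, interface)] for sniffer policies that would log nothing."""
    # Assumption: a status key missing from the output means the feature is disabled.
    return [(pid, cfg.get("interface", "?"))
            for pid, cfg in parse_sniffer_policies(text).items()
            if not any(cfg.get(k) == "enable" for k in UTM_STATUS_KEYS)]

if __name__ == "__main__":
    for pid, iface in policies_without_utm(SAMPLE_CONFIG):
        print(f"sniffer policy {pid} ({iface}): no IPS/Application Control enabled, no UTM logs")
```

Run it against a saved copy of the sniffer configuration; any policy it reports needs an IPS sensor or application control list enabled before sniffer logs will appear.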