Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
rsondal
Staff
Staff

Created on ‎01-20-2025 09:33 PM

Article Id 371366

Technical Tip: How to understand the UTM block logs under forward traffic

Description This article describes UTM block logs under forward traffic.
Scope FortiGate.
Solution
  1. Check SSL application block logs under Log & Report -> Forward Traffic.

 

ssl1.JPG

 

ssl2.JPG

 

  1. Forward Traffic will show all the logs for all sessions.
  2. The procedure to understand the UTM block under Forward Traffic is always to look to see UTM logs for same Time Stamp.
  3. Check how many UTM profiles have been applied on the specific policy by which traffic is getting block. 

 

Example:

 

ssl3.JPG

 

  1. One by one check these UTM logs under log & report -> Security Events (Then select UTM profile one by one).
  2. Check UTM logs for the same Time stamps and Session ID as shown in the below example. 

 

First example:

  • Forward Traffic Log:

 

ssl4.JPG

 

  • UTM Log:

 

ssl5.JPG

 

  • Second example:

Forward Traffic Log:

 

ssl6.JPG

 

UTM Log:

 

ssl7.JPG

 

  1. In both the examples above, it shows that it is getting blocked by the Web filter profile as the URL belongs to the  denied category.
6548
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.