rsondal
Staff
Article Id 371366
Description This article describes UTM block logs under forward traffic.
Scope FortiGate.
Solution
  1. Check SSL application block logs under Log & Report -> Forward Traffic.

[Screenshot: ssl1.JPG]

[Screenshot: ssl2.JPG]

  2. Forward Traffic shows the logs for all sessions.
  3. To understand a UTM block shown under Forward Traffic, always look at the UTM logs for the same timestamp.
  4. Check how many UTM profiles are applied to the specific policy that is blocking the traffic.

Example:

[Screenshot: ssl3.JPG]

  5. Check these UTM logs one by one under Log & Report -> Security Events (select each UTM profile in turn).
  6. Check the UTM logs for the same timestamp and Session ID, as shown in the examples below.

First example:

  • Forward Traffic Log:

[Screenshot: ssl4.JPG]

  • UTM Log:

[Screenshot: ssl5.JPG]

Second example:

  • Forward Traffic Log:

[Screenshot: ssl6.JPG]

  • UTM Log:

[Screenshot: ssl7.JPG]

  7. In both examples above, the logs show that the traffic is blocked by the Web Filter profile because the URL belongs to a denied category.
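
The same correlation can be run offline on exported logs. The script below is an added example, not part of the original article or Fortinet tooling: it pairs each forward traffic log marked as UTM-blocked with the UTM logs that share its Session ID and a nearby timestamp. The sample log lines are constructed, and the field names (`sessionid`, `utmaction`, `catdesc`, `msg`) and the 60-second matching window are assumptions about the exported key=value log format.

```python
import shlex
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in FortiGate key=value log format (not from the article).
SAMPLE_LOGS = """\
date=2025-01-10 time=10:15:32 type="traffic" subtype="forward" sessionid=48213 policyid=5 srcip=10.0.0.20 dstip=203.0.113.10 action="close" utmaction="block"
date=2025-01-10 time=10:15:32 type="utm" subtype="webfilter" eventtype="ftgd_blk" sessionid=48213 policyid=5 hostname="blocked.example" action="blocked" catdesc="Games" msg="URL belongs to a denied category in policy"
date=2025-01-10 time=10:16:01 type="traffic" subtype="forward" sessionid=48300 policyid=5 srcip=10.0.0.21 dstip=198.51.100.7 action="close"
date=2025-01-10 time=10:16:40 type="traffic" subtype="forward" sessionid=48377 policyid=7 srcip=10.0.0.22 dstip=192.0.2.44 action="close" utmaction="block"
"""
WINDOW = timedelta(seconds=60)  # assumed tolerance between the two log timestamps

def parse_line(line):
    """Turn one key=value log line into a dict (shlex keeps quoted values whole)."""
    rec = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    rec["ts"] = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
    return rec

def correlate_blocks(log_text):
    """Pair each UTM-blocked forward traffic log with UTM logs of the same session."""
    blocked, utm = [], defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec.get("type") == "utm":
            utm[rec.get("sessionid")].append(rec)
        elif rec.get("subtype") == "forward" and rec.get("utmaction") == "block":
            blocked.append(rec)
    results = []
    for t in blocked:
        hits = [u for u in utm[t.get("sessionid")] if abs(u["ts"] - t["ts"]) <= WINDOW]
        results.append({
            "sessionid": t.get("sessionid"),
            "time": t["time"],
            "policyid": t.get("policyid"),
            # An empty list means: check the remaining UTM profile logs for this policy.
            "blocked_by": [(u.get("subtype"), u.get("catdesc"), u.get("msg")) for u in hits],
        })
    return results

if __name__ == "__main__":
    for row in correlate_blocks(SAMPLE_LOGS):
        print(row)
```

A session that appears with an empty `blocked_by` list was blocked by a profile whose log is not in the export, so the other UTM profiles on that policy still need to be checked.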