FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

This article describes that, In the VPN event logs, the below example of log can be received:


date=aaaa-bb-cc time=14:57:03 id=7043999867294711827 itime="aaaa-bb-cc 14:57:03" euid=2 epid=2 dsteuid=2 dstepid=2 logver=604071911 logid=0101039944 type="event" subtype="vpn" level="information" action="ssl-alert" msg="SSL alerts" logdesc="SSL VPN alert" user="N/A" remip=x.x.x.x group="N/A" tunnelid=0 tunneltype="ssl" dst_host="N/A" reason="warning" desc="close notify" eventtime=1640059023563861162 tz="+1100" devid="FGTSERIALNO" vd="root" csf="FABRIC-NAME" dtime="aaaa-bb-cc 14:57:03" itime_t=1640059023 devname="FGT-NAME"


Note that some details of the above log have been altered for privacy reasons.

Scope FortiGate .

This is an alert for closing the SSL-VPN connection, right before the FIN packet.


When either the client or the server is ready to end the connection, both issue the SSL_shutdown() function to indicate that the SSL connection is ending normally.

This causes an SSL record whose type is alert to flow.

For this, the type of alert is close notify, which means the SSL session is ending.


To stop receiving this log message, it can be excluded using the log id and the below steps from FortiGate CLI:

# config log disk filter
    set filter-type exclude
    set filter [logid]