Description | This article describes how to make policy traffic logs visible when a loopback interface and VIP objects are used in the firewall policy. |
Scope | FortiGate. |
Solution |
In a scenario where a public IP has to be translated to a private IP for SSL VPN access via a loopback interface, the policy traffic logs are not displayed.
Example:
id=65308 trace_id=198 func=print_pkt_detail line=5857 msg="vd-root:0 received a packet(proto=6, 10.11.15.2:54413->10.11.15.1:10443) tun_id=0.0.0.0 from port2. flag [S], seq 911784195, ack 0, win 65535"
This is expected behavior because FortiGate treats this as local unicast traffic. These logs are visible only in the local traffic logs, and only when local-in-deny-unicast is enabled in the log settings:
config log setting
|
Copyright 2024 Fortinet, Inc. All Rights Reserved.