FortiGate
mle2802
Staff
Article Id 421460
Description: This article describes how to enable 'Log IPv4 Violation Traffic' under an Implicit deny policy when Security Fabric is configured. This applies to both root and downstream FortiGates.
Scope: FortiGate.
Solution: When trying to enable the log option for an Implicit deny policy under Policy & Objects -> Firewall Policy, the option is grayed out and cannot be enabled.

The button will be grayed out when the Security Fabric is configured. To enable the 'Log IPv4 Violation Traffic' option on both the root and downstream FortiGates, use the following CLI commands:

config log setting
    set fwpolicy-implicit-log enable
end


Afterwards, the option 'Log IPv4 Violation Traffic' will show as enabled.
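Because the setting has to be applied on the root and on every downstream FortiGate, it helps to check saved configuration backups for it. The following is an added example, not part of the original article or Fortinet tooling: it assumes non-VDOM backups where `config log setting` is a top-level block, and the device names and sample configs are constructed.

```python
import re
# Constructed sample backups (not real device output); device names are hypothetical.
SAMPLE_BACKUPS = {
    "root-fgt": """config system global
    set hostname "root-fgt"
end
config log setting
    set fwpolicy-implicit-log enable
end
""",
    "downstream-fgt-1": """config log setting
    set fwpolicy6-implicit-log enable
end
""",
    "downstream-fgt-2": """config log setting
    set fwpolicy-implicit-log disable
end
""",
}

def get_setting(config_text, section, key):
    # Return the value of `set <key> <value>` inside the top-level
    # `config <section>` block, or None if the line is not in the backup.
    depth = 0
    in_section = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1 and line == "config " + section:
                in_section = True
        elif line == "end":
            if depth == 1:
                in_section = False
            depth = max(depth - 1, 0)
        elif in_section and depth == 1:
            m = re.fullmatch(r"set (\S+) (.+)", line)
            if m and m.group(1) == key:  # exact match, so the IPv6 key is ignored
                return m.group(2).strip('"')
    return None

def audit(backups):
    # Map device name -> 'enable', 'disable', or None (line absent).
    return {n: get_setting(t, "log setting", "fwpolicy-implicit-log") for n, t in backups.items()}

def non_compliant(backups):
    # Devices where implicit-deny logging is not explicitly enabled.
    return sorted(n for n, v in audit(backups).items() if v != "enable")

if __name__ == "__main__":
    print(audit(SAMPLE_BACKUPS), non_compliant(SAMPLE_BACKUPS))
```

Devices reported by `non_compliant` are the ones where the CLI commands above still need to be applied.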
