FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
js2
Staff
Staff
Article Id 192466

Description

 

This article describes how to resolve an issue where local traffic logs are not visible under Logs & Reports and the page shows the message 'No results'.

 

Scope

 

FortiGate.


Solution


Identify exactly where logs are displayed from in the unit.

 
In the above screenshot, the log location is set to the disk, so it is necessary to verify the log disk settings.
 
show full-configuration log disk filter
config log disk filter
set severity information        <- Make sure severity is set to information.
set forward-traffic enable
set local-traffic disable       <-
set multicast-traffic enable
set sniffer-traffic enable
set anomaly enable
set voip enable
set gtp enable
set filter ''
set filter-type include
end
 
The 'local-traffic' option is set to disable due to which local-traffic logs are not showing in FortiGate.

Enable the option and verify the logs.
 
config log disk filter
    set local-traffic enable
end
 
In cases where said log location is memory or FortiCloud, follow these settings.
 
config log memory filter
    set local-traffic enable
end

config log fortiguard filter
    set local-traffic enable
end

Additionally, make sure to enable the following options in log settings.
 
config log setting
    set local-in-allow enable          <- Show logs for traffic designated to FortiGate such as ping, management.
    set local-out enable              
<- Show logs of traffic generated from FortiGate.
end
 
Traffic designated to FortiGate:
 
 
Traffic generated from FortiGate:
 

 

Note: As of FortiOS 7.6, Local Traffic Logging can be enabled on a Local-In Policy basis. This will allow more granular control over target logging on specific local-In policies. In turn, this would reduce over-generalized logging. 

 

config log setting

set local-in-policy-log {enable | disable}

end

config firewall local-in-policy

edit <id> <- Point specific Local-In policy in question.

set logtraffic {enable | disable}

end

end

 

See the release notes for further information about this feature.