Fortinet Forum
Magroll73
New Contributor II

Fortigate Logging Problem

Hi, I have a strange error with logging.

I have two test VMs (10.244.15.41 and 10.244.14.109) in AWS segmented by a Fortigate 7.2.2.

  • First I did an SSH connection from 10.244.15.41 to 10.244.14.109
  • As the next step I pinged 8.8.8.8 from 10.244.14.109

But the Fortigate logging shows the connections in the wrong order, with a 3-minute delay!


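| Date Time           | Source IP     | Destination IP | Protocol | Action | Rule         |
|---------------------|---------------|----------------|----------|--------|--------------|
| 2022/11/09 09:44:47 | 10.244.15.41  | 10.244.14.109  | SSH      | ACCEPT | AWS-Internal |
| 2022/11/09 09:41:38 | 10.244.14.109 | 8.8.8.8        | PING     | ACCEPT | AWS-External |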

 

Has anyone an explanation for this?

 

ThX Mag

Always a valid answer: 42
distillednetwork
New Contributor III

Unless you change the setting in the policies, the data is logged when the session closes.  So with ICMP, it is opened and then closed right away.  An SSH will stay in the session list longer and will be added to the forward traffic logs after the session ends.
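
Added example, not part of the original thread and not Fortinet code: when traffic is logged at session close, the log timestamp marks the end of the session, so an investigation timeline should be ordered by reconstructed start time (log time minus the `duration` field, in seconds) rather than by log time. The sample lines are constructed; addresses, log times and policy names are taken from the post, while the `duration` and `sessionid` values are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
import shlex

# Constructed sample in FortiOS key=value traffic-log style. The duration and
# sessionid values are invented; the rest mirrors the table in the question.
SAMPLE_LOGS = '''\
date=2022-11-09 time=09:41:38 type="traffic" subtype="forward" srcip=10.244.14.109 dstip=8.8.8.8 service="PING" action="accept" policyname="AWS-External" sessionid=1002 duration=61
date=2022-11-09 time=09:44:47 type="traffic" subtype="forward" srcip=10.244.15.41 dstip=10.244.14.109 service="SSH" action="accept" policyname="AWS-Internal" sessionid=1001 duration=260
'''


def parse_line(line):
    """Turn one key=value log line into a dict; shlex strips the quotes."""
    return dict(tok.split("=", 1) for tok in shlex.split(line))


def session_window(rec):
    """Return (start, end) for a record written when the session closed."""
    end = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
    # A record without a duration field is treated as instantaneous.
    start = end - timedelta(seconds=int(rec.get("duration", 0)))
    return start, end


def timeline(raw):
    """Order records by reconstructed session start, not by log write time."""
    rows = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        start, end = session_window(rec)
        rows.append((start, end, rec))
    return sorted(rows, key=lambda row: row[0])


if __name__ == "__main__":
    for start, end, rec in timeline(SAMPLE_LOGS):
        print(f"{start:%H:%M:%S} -> {end:%H:%M:%S}  "
              f"{rec['srcip']:>14} -> {rec['dstip']:<14} {rec['service']}")
```

With these constructed durations the SSH session sorts ahead of the ping, matching the order in which the connections were actually made.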