Fortiben1
Visitor

Can't see blocked IP and FQDN Logs on deny policies

Hi Folks!

 

Hope you are all doing well. I am new to the firewall role. I would like to ask why I can't see any denied logs related to our block list policy. We have this group for IP addresses and fully qualified domains, and we place any malicious object in this group. But as I checked, it has blocked other IP addresses that are not included in the repository, and the IP addresses that are in the group are not. Is it because the users are not accessing these IPs, or can I not see it because of the 7 days log retention? I would appreciate your insights on this. Also, here is the policy (Version 7.2.8):

 

| Name | From | To | Source | Destination | Schedule | Service | Action | Log |
|---|---|---|---|---|---|---|---|---|
| Block Inbound Traffic | any | any | Group of Malicious IP and FQDN detected from Qradar | all | always | ALL | DENY | Enabled |
| Block Outbound Traffic | any | any | all | Group of Malicious IP and FQDN detected from Qradar | always | ALL | DENY | Enabled |

AEK
SuperUser

Hello Ben

If logging is enabled in the rules and you don't see any logs, then no traffic is matching those rules. In other words, all the requested traffic has been allowed so far.

On the other hand, if you need to set the log retention for more than 7 days, then you need to do it via the CLI.

config log disk setting
    set maximum-log-age 60
end
AEK
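
One way to check this against exported traffic logs, as an added example that is not part of the original thread: it sorts entries into denies from the block-list policies, denies from any other policy (policyid 0 is the implicit deny), and accepted traffic that involves a listed address. The log lines, the policy IDs 11 and 12, and the address ranges are constructed for illustration.

```python
import ipaddress
import shlex
from collections import Counter

# Constructed sample lines in FortiOS key=value traffic-log style (not from the thread).
SAMPLE_LOG = """\
date=2024-06-01 time=10:00:01 type="traffic" subtype="forward" srcip=10.1.1.5 dstip=203.0.113.7 policyid=12 action="deny"
date=2024-06-01 time=10:00:02 type="traffic" subtype="forward" srcip=198.51.100.9 dstip=10.1.1.20 policyid=0 action="deny"
date=2024-06-01 time=10:00:03 type="traffic" subtype="forward" srcip=10.1.1.8 dstip=192.0.2.44 policyid=3 action="accept"
date=2024-06-01 time=10:00:04 type="traffic" subtype="forward" srcip=203.0.113.7 dstip=10.1.1.20 policyid=11 action="deny"
"""

# Assumptions: IDs 11 and 12 stand for the inbound and outbound block rules,
# and the address group has been exported as plain IPs or CIDR ranges.
BLOCK_POLICY_IDS = {"11", "12"}
BLOCK_GROUP = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "192.0.2.44/32")]

def parse_line(line):
    """Split one key=value log line into a dict; shlex strips the quotes."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def in_group(ip):
    """True if the address falls inside any exported block-list entry."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BLOCK_GROUP)

def classify(log_text):
    """Count log entries by how they relate to the block-list policies."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        listed = in_group(rec["srcip"]) or in_group(rec["dstip"])
        if rec["action"] == "deny" and rec["policyid"] in BLOCK_POLICY_IDS:
            counts["denied_by_block_policy"] += 1
        elif rec["action"] == "deny":
            counts["denied_by_other_policy"] += 1  # e.g. implicit deny, policyid 0
        elif listed:
            counts["listed_ip_allowed"] += 1  # a policy other than the block rules accepted it
    return counts

if __name__ == "__main__":
    print(dict(classify(SAMPLE_LOG)))
```

A non-zero `listed_ip_allowed` count means traffic to or from a listed address was accepted by a policy other than the block rules; FQDN entries appear in logs only as the IPs they resolved to, so they must be resolved before being added to the exported list.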