Hi Folks!
Hope you are all doing well. I am new to the firewall role. I would like to ask why I can't see any denied logs related to our block list policy. We have this group for IP addresses and fully qualified domains, and we place any malicious object in this group. But as I checked, it has blocked other IP addresses that are not included in the repository, and the IP addresses that are in the group are not. Is it because the users are not accessing these IPs, or can't I see it because of the 7-day log retention? I would appreciate your insights on this. Also, here is the policy (Version 7.2.8):

Name | From | To | Source | Destination | Schedule | Service | Action | Log |
---|---|---|---|---|---|---|---|---|
Block Inbound Traffic | any | any | Group of Malicious IP and FQDN detected from Qradar | all | always | ALL | DENY | Enabled |
Block Outbound Traffic | any | any | all | Group of Malicious IP and FQDN detected from Qradar | always | ALL | DENY | Enabled |

Hello Ben
If the logging is enabled in the rules and you don't see any logs, then no traffic is matching those rules. In other words, all the requested traffic has been allowed so far.
On the other hand, if you need to set the log retention for more than 7 days, then you need to do it via CLI.
```
config log disk setting
    set maximum-log-age 60
end
```
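
A way to check both halves of the question against exported traffic logs, as an added example that is not part of the original thread: it reports block-list IPs that were denied, block-list IPs with no deny entry in the log window, and denies produced by other policies. The log lines, block-list members and policy IDs 11 and 12 are constructed; only the key=value field names follow FortiGate's traffic log format.

```python
import re
from collections import defaultdict

# Constructed sample lines in FortiGate key=value traffic-log style (not real data).
SAMPLE_LOG = """\
date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=203.0.113.10 policyid=12 action="deny"
date=2024-05-01 time=10:00:07 type="traffic" subtype="forward" srcip=198.51.100.7 dstip=10.0.0.9 policyid=11 action="deny"
date=2024-05-01 time=10:01:30 type="traffic" subtype="forward" srcip=192.0.2.44 dstip=10.0.0.9 policyid=0 action="deny"
date=2024-05-01 time=10:02:00 type="traffic" subtype="forward" srcip=10.0.0.5 dstip=203.0.113.200 policyid=3 action="accept"
"""

# Hypothetical IP members of the block-list address group. FQDN members are
# resolved by the firewall itself and are out of scope for this check.
BLOCKLIST = {"203.0.113.10", "198.51.100.7", "203.0.113.99"}
# Hypothetical IDs of the inbound and outbound block policies.
BLOCK_POLICY_IDS = {"11", "12"}

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}

def audit(log_text, blocklist, block_policy_ids):
    """Compare deny entries in the log with the block list.

    Returns (hit, never_seen, other_denies):
      hit          - block-list IPs denied by one of the block policies
      never_seen   - block-list IPs with no such deny entry in this log window
      other_denies - {policyid: {(srcip, dstip), ...}} for every other deny
    """
    hit, other = set(), defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("action") != "deny":
            continue
        src, dst = rec.get("srcip"), rec.get("dstip")
        matched = {src, dst} & blocklist
        if matched and rec.get("policyid") in block_policy_ids:
            hit |= matched
        else:
            other[rec.get("policyid")].add((src, dst))
    return hit, blocklist - hit, dict(other)

if __name__ == "__main__":
    hit, never_seen, other_denies = audit(SAMPLE_LOG, BLOCKLIST, BLOCK_POLICY_IDS)
    print("denied by block policies:", sorted(hit))
    print("no deny entry in window: ", sorted(never_seen))
    print("denied by other policies:", other_denies)
```

An address in `never_seen` only means no deny entry exists within the retained log window. Denies grouped under policy ID 0 come from FortiGate's implicit deny rule rather than from the block-list policies.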