I am using V2.8 MR5 of Fortigate-400.
I would like to log all the traffic hitting anything visible (routable) behind the firewall. Is there a way to enable the default " deny all" rule for the inbound traffic ? I' ve tried to give an explicit " deny all" rule (0.0.0.0/0.0.0.0 -> 0.0.0.0/0.0.0.0 ANY DENY) but it does not block or log anything. A fortinet engineer says because the rules on virtual IP address get matched first and therefore the explicit DENY ALL rule is bypassed. This sounds pretty unlogical to me. Any idea about this ? How can I make this work ?