Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
championc1
New Contributor

Created on ‎06-14-2023 02:52 AM

Finding applicable Fortigate rules from hits in FortiAnalyzer logs - Help needed

Hi all,

Is it possible to find the relevant Fortigate FW and Security Policy Rule being used when some traffic is logged ?

The log entries obviously contain the Data Source ID which identifies the Device, but I can be difficult to then identify the VDOM and FW Policy Rule

Cormac Champion
Cormac Champion
Labels:
1296
0 Kudos
5 REPLIES 5
saneeshpv_FTNT
Staff
Staff

Created on ‎06-14-2023 05:06 AM

Once you find the matching logs in FAZ, if you click on the logs for more details you can find the VDOM details as well as policy ID as attached

FAZ.png

1281
championc1
New Contributor

Created on ‎06-14-2023 06:53 AM Edited on ‎06-14-2023 06:58 AM

Great thanks.  I was looking under Fabric > All rather than under Fortigate > Traffic
The traffic I have is showing as Virtual Domain "root" and a Policy ID of 0 (Zero) - which, if I understand correctly, is the implicit deny rule - and when I look at it, it does indeed show as being a DENY, so I'm a bit confused

Cormac Champion
Cormac Champion
1270
0 Kudos
Stephen_Daniel
Staff
Staff
In response to championc1

Created on ‎06-14-2023 07:08 AM

Policy id 0 is the default implicit deny policy. Drop all. Could you please share a sample log?

Implicit_deny_default.PNG

1262
0 Kudos
championc1
New Contributor

Created on ‎06-14-2023 07:14 AM

See below

cap1.jpgcap2.jpg

Cormac Champion
Cormac Champion
1259
0 Kudos
saneeshpv_FTNT
Staff
Staff
In response to championc1

Created on ‎06-14-2023 10:25 PM

These are your Local Traffic logs originated from FGT or Destined to FGT which will also have Policy ID 0.

 

Please refer to below link for more information

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Local-traffic-logs-and-policy-ID-0/ta-p/19...

1243
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.