Dear Community!
We are having a problem with the amount of logs generated by an FGT 1800F cluster working in NGFW - Policy-based mode.
We are using 6.4.6 and there is about 60-80k session on average.
The firewall generates about 50-60GB of logs daily (40-45GB of traffic logs, 10-15GB of Application Control logs).
We are using basic Application Control (on the policies because of the NGFW Policy-based mode), Web Filter, and IPS profiles.
In order to decrease the logging volume, we tried to change the logging action from All to UTM for the most used policies but did not help at all.
As a comparison, at another firewall cluster (around the same size network with 1800F as well) where the NGFW is set to Profile-based mode, the amount of generated logs per day is around 5-6 GB.
What can be the reason that using the cluster in NGFW Policy-based mode generates about 10 times more logs than a cluster that is in NGFW Profile-based mode? Is it possible to decrease this logging volume somehow when the gateway is in NGFW Policy-based mode?
Best Regards,
Richard
Hello Richard,
I will try to help you out, but have some questions to help me understand the problem:
Best Regards,
Vando Pereira
Dear Vando,
Apologize for the delay.
These clusters are logging to FortiAnalyzer.
Yes, in most of the policies we have the logging option set to "Log Allowed Traffic - All sessions".
However, we tried to change this from "All sessions" to "UTM" at some policies with a high hit count but did not help at all.
As we know from the TAC support, something has changed in the logging process when the gateway is in policy-based NGFW mode. Also, we are using Central NAT, and according to the TAC, it also generates logs by default.
So it looks like, that in NGFW policy-based mode, the logging process/logging method is changed, and for some reason, it is generating way more logs than usual.
And yeah, 50 GB/day of logs in NGFW policy-based mode is way more than 5 GB/day of logs in NGFW profile-based mode. It shouldn't generate this many logs per day...
Best Regards,
Richard
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.