Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
KPS
New Contributor III

Forward Log shows "not allowed"

Hi!

 

I am trying to filter the forward log, but it does not work, as it should (in my mind).

 

Log-Filter: "Result: Deny (All)" shows: No matching entries found

Log-Filter: "Action: Deny: policy violation" is showing the logs

 

Can you give me a hint on how to show all the logs of connections which are not allowed?

 

--> Tested on a FG200E with software version 5.6.5

 

Thank you

Regards,

KPS

2 REPLIES 2
emnoc
Esteemed Contributor III

Not allowed by implicit   deny is typically not  logged. 1st you need to enable log on the  policies of interest regardless if it's allow deny

 

 

config firewall policy 

    edit 777

         set log-forward-traffic enable

end

 

Next for logging implict deny, you need to enable that.

 

config log setting 

    set fwpolicy-implicit-log en

end

 

keep in mind if your logging to memory,syslog, disk,etc.... your just threw more load and wasted diskspace/memory-usages and the logs will roll more often

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
KPS
New Contributor III

Hi!

 

The sessions are logged! I can see them with the filter:

Policy violation

 

My problem is, that the filter "Result: Deny (All)" does not match the sessions...

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors