Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
KPS
New Contributor III

Created on ‎08-20-2018 11:53 AM

Forward Log shows "not allowed"

Hi!

 

I am trying to filter the forward log, but it does not work, as it should (in my mind).

 

Log-Filter: "Result: Deny (All)" shows: No matching entries found

Log-Filter: "Action: Deny: policy violation" is showing the logs

 

Can you give me a hint on how to show all the logs of connections which are not allowed?

 

--> Tested on a FG200E with software version 5.6.5

 

Thank you

Regards,

KPS

Labels:
4658
0 Kudos
2 REPLIES 2
emnoc
Esteemed Contributor III

Created on ‎08-20-2018 01:45 PM

Not allowed by implicit   deny is typically not  logged. 1st you need to enable log on the  policies of interest regardless if it's allow deny

 

 

config firewall policy 

    edit 777

         set log-forward-traffic enable

end

 

Next for logging implict deny, you need to enable that.

 

config log setting 

    set fwpolicy-implicit-log en

end

 

keep in mind if your logging to memory,syslog, disk,etc.... your just threw more load and wasted diskspace/memory-usages and the logs will roll more often

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
1637
0 Kudos
KPS
New Contributor III
In response to emnoc

Created on ‎08-20-2018 02:30 PM

Hi!

 

The sessions are logged! I can see them with the filter:

Policy violation

 

My problem is, that the filter "Result: Deny (All)" does not match the sessions...

1637
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.