How to enable a "Log violation traffic" in DENY policy
Hi,
I created a DENY policy (see picture below). I tried to enable Log violation traffic, but after clicking OK and then re-editing the policy, it is switched off again. Is this normal behaviour?
This issue is already reported and affects the 7.4 firmware branch. It is already fixed and will be included in future releases (#985419). It is classified only as a GUI issue; if logging is enabled through the CLI, it will log the traffic.
If you have found a solution, please like and accept it to make it easily accessible for others.
Hi
This is not normal. Probably a bug.
Which FortiOS version?
Also, you may try editing your firewall policy from the CLI and entering the following:
set logtraffic all
I have a FortiGate 201F and an 81F with v7.4.3 build2573 firmware. The same thing happens on both. I tried it from another browser, but the result is the same.
I had already set in the policy:
set logtraffic all
What do you see when you edit the policy and type "show full | grep logtraffic"?
FortiGate-81F (utibvd) # show full | grep logtraffic
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
I mean edit the affected policy first:
config firewall policy
edit XX
show full | grep logtraffic
No worries, it means it is "all", so @AnthonyH is right about the cosmetic issue; the logging is enabled but the GUI simply doesn't show that it is enabled.
Created on 05-07-2024 06:23 AM Edited on 05-07-2024 06:23 AM
It is a bug and it will be fixed in 7.4.4. 7.4.4 should be released next week if there is no delay.
Regards,
Hello fortinetforumfiokom,
This may be a cosmetic issue in the GUI. When you edit the policy in the CLI, do you see the logging enabled here? Or do you see any traffic being denied in the logs?
Anthony.
1. If I create a new rule and don't set the logging, it won't log.
2. Turn on Log violation traffic on the GUI in the policy, it starts logging, but next time if I edit the policy the Log violation traffic switch indicates that it is off.
3. From now on I can only turn off logging from the CLI: set logtraffic disable
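Since the thread establishes that the GUI toggle cannot be trusted on this firmware and the CLI value is what counts, the following added example (not code from any poster or from Fortinet) audits a saved configuration for deny policies whose `logtraffic` is not `all`. It assumes `show full`-style output, where `action` and `logtraffic` are written out explicitly; the policy IDs, names and function names are constructed for illustration.

```python
import re

# Constructed sample of `show full`-style output for `config firewall policy`.
# Policy IDs and names are made up for this example.
SAMPLE_CONFIG = '''\
config firewall policy
    edit 1
        set name "allow-web"
        set action accept
        set logtraffic utm
    next
    edit 2
        set name "deny-guest"
        set action deny
        set logtraffic all
    next
    edit 3
        set name "deny-legacy"
        set action deny
        set logtraffic disable
    next
end
'''

def parse_policies(text):
    """Return {policy_id: {setting: value}} from the firewall policy block."""
    policies, current, in_block = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_block = True
        elif in_block and current is None and line == "end":
            in_block = False  # end of the policy table
        elif in_block and current is None and (m := re.fullmatch(r"edit (\d+)", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif current is not None and line == "next":
            current = None  # end of one policy entry
        elif current is not None and (m := re.fullmatch(r"set (\S+) (.+)", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def deny_policies_not_logging(text):
    """IDs of deny policies whose logtraffic value is anything other than 'all'."""
    return sorted(pid for pid, s in parse_policies(text).items()
                  if s.get("action") == "deny" and s.get("logtraffic") != "all")
```

Run against a configuration backup, `deny_policies_not_logging()` returns the policy IDs to review in the CLI, independent of what the GUI switch displays.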