fortinetforumfiokom

How to enable "Log violation traffic" in a DENY policy

Hi,

I created a DENY policy (see picture below). I tried to enable Log violation traffic, but after I click OK and then re-edit the policy, it is switched off again. Is this normal behaviour?

 

Policy.png

 

1 Solution
ebilcari

This issue is already reported and affects the 7.4 firmware branch. It is already fixed and will be included in future releases (#985419). It is classified only as a GUI issue; if logging is enabled through the CLI, it will log the traffic.

- Emirjon
AEK

Hi

This is not normal. Probably a bug.

Which FortiOS version?

Also, you may try editing your firewall policy from the CLI and entering the following.

set logtraffic all

 

fortinetforumfiokom

I have a FortiGate 201F and an 81F with v7.4.3 build2573 firmware. The same thing happens on both. I tried it from another browser, but the result is the same.

I had already set in the policy:

set logtraffic all

 

 

AEK

What do you see when you edit the policy and type "show full | grep logtraffic"?

fortinetforumfiokom

FortiGate-81F (utibvd) # show full | grep logtraffic
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable
set logtraffic all
set logtraffic-start disable

AEK

I mean edit the affected policy first:

config firewall policy
edit XX
show full | grep logtraffic

 

AEK

No worries, it means it is "all", so @AnthonyH is right about the cosmetic issue: the logging is enabled, but the GUI simply doesn't show that it is enabled.

hbac

Hi @fortinetforumfiokom,

 

It is a bug and it will be fixed in 7.4.4. 7.4.4 should be released next week if there is no delay. 

 

Regards, 

AnthonyH

Hello fortinetforumfiokom,

 

This may be a cosmetic issue in the GUI. When you edit the policy in the CLI, do you see the logging enabled here? Or do you see any traffic being denied in the logs?

Technical Support Engineer,
Anthony.
fortinetforumfiokom

1. If I create a new rule and don't set the logging, it won't log.

2. If I turn on Log violation traffic in the GUI in the policy, it starts logging, but the next time I edit the policy the Log violation traffic switch indicates that it is off.

3. From now on I can only turn off logging from the CLI: set logtraffic disable
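
Added example, not part of the original thread and not Fortinet code: because the accepted answer says the CLI value is what counts while the 7.4 GUI toggle misreports it, this Python script reads saved `show full-configuration` output and reports the `logtraffic` value of every deny policy. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample shaped like "show full-configuration" output for the
# firewall policy table, trimmed to the relevant keys; policy IDs are made up.
SAMPLE = """\
config firewall policy
    edit 1
        set action accept
        set logtraffic utm
    next
    edit 7
        set action deny
        set logtraffic all
    next
    edit 9
        set action deny
        set logtraffic disable
    next
end
"""

def parse_policies(text):
    """Return {policy_id: {key: value}} for entries of 'config firewall policy'."""
    policies, current, in_table, depth = {}, None, False, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall policy":
            in_table = True
        elif not in_table:
            continue
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a policy entry: skip its contents
        elif line == "end":
            in_table, depth = (False, 0) if depth == 0 else (True, depth - 1)
        elif depth == 0 and (m := re.match(r"edit (\d+)$", line)):
            current = policies.setdefault(int(m.group(1)), {})
        elif depth == 0 and line == "next":
            current = None
        elif depth == 0 and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return policies

def deny_logging_report(text):
    """Map each deny policy ID to the logtraffic value stored in the config."""
    return {pid: p.get("logtraffic", "<not shown>")
            for pid, p in parse_policies(text).items() if p.get("action") == "deny"}

if __name__ == "__main__":
    for pid, value in deny_logging_report(SAMPLE).items():
        print(f"policy {pid}: logtraffic {value}")
```

Feed it full-configuration output rather than plain `show`, so that `action` and `logtraffic` appear explicitly for every policy.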
