In logs, you need to consider the entire log entry and the events leading up to the "close" action to determine the nature of the session. Look for additional information, such as source IP, destination IP, and the log sequence to understand the context of the session.
To assess the success or failure of a connection and whether it was permitted by the firewall, you should look for other relevant log entries that provide more details. The "close" action itself doesn't provide sufficient information to make that determination also check this document for your reference on LOG_ID_TRAFFIC_END_FORWARD
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.