ISOffice
Contributor

Local-In Policy Query

Hi all,

We are operating a pair of 100D Hardware Appliances (v6.2.3 build 1066 GA), running HA in an Active/Passive configuration.

I recently had cause to allow access on certain ports to the WAN interface of our appliances and I accomplished this using the Local-In Policy.

The action set for this rule was 'accept' and I'm wondering where I might view logs of this rule to verify it is working. Looking at the Local Traffic Log, the only 'accepts' I can see are Fortinet (Update Announcements).

Any suggestions would be much appreciated.

Best regards,

John P

Dave_Hall
Honored Contributor

In the GUI, under Feature Visibility, enable "Local In Policy" (allows Local in policies to show up under Policy & Objects). For actual logging, in the CLI, set one or more options under:

config log setting
    set local-in-allow {enable | disable}   Enable/disable local-in-allow logging.
    set local-in-deny-unicast {enable | disable}   Enable/disable local-in-deny-unicast logging.
    set local-in-deny-broadcast {enable | disable}   Enable/disable local-in-deny-broadcast logging.
    set local-out {enable | disable}   Enable/disable local-out logging.
end

Don't have access to a fgt with this feature enabled, though I assume a local in log will be recorded somewhere, either under logging or showing up under FortiView.  Someone may want to chime in here to confirm/clarify.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
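
Once local-in-allow logging is enabled, one way to confirm the rule is matching is to filter an exported local traffic log for accepted hits on the opened ports. This is an added example, not part of either post: it assumes the log is exported as FortiOS-style key=value text with the fields type, subtype, action, srcintf, srcip and dstport, and the interface name wan1, port 8443 and all sample lines are constructed.

```python
import shlex

# Constructed sample lines in FortiOS key=value style (assumed layout, not from the thread).
SAMPLE_LOG = '''\
date=2020-03-02 time=10:15:01 type="traffic" subtype="local" level="notice" srcip=198.51.100.7 srcport=51514 srcintf="wan1" dstip=203.0.113.10 dstport=8443 proto=6 action="accept" policyid=1 service="tcp/8443"
date=2020-03-02 time=10:15:09 type="traffic" subtype="local" level="notice" srcip=198.51.100.9 srcport=40022 srcintf="wan1" dstip=203.0.113.10 dstport=22 proto=6 action="deny" policyid=0 service="SSH"
date=2020-03-02 time=10:16:30 type="traffic" subtype="forward" level="notice" srcip=10.0.0.5 srcport=50000 srcintf="lan" dstip=93.184.216.34 dstport=443 proto=6 action="accept" policyid=12 service="HTTPS"
date=2020-03-02 time=10:17:44 type="traffic" subtype="local" level="notice" srcip=192.0.2.44 srcport=33000 srcintf="wan1" dstip=203.0.113.10 dstport=8443 proto=6 action="accept" policyid=1 service="tcp/8443"
'''

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    try:
        tokens = shlex.split(line)
    except ValueError:          # unbalanced quote: treat the line as unparseable
        return {}
    fields = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def local_in_accepts(log_text, interface, ports):
    """Return accepted local-in records received on `interface` for any of `ports`."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec.get("type") == "traffic" and rec.get("subtype") == "local"
                and rec.get("action") == "accept"
                and rec.get("srcintf") == interface
                and rec.get("dstport", "").isdigit()
                and int(rec["dstport"]) in ports):
            hits.append(rec)
    return hits

def summarize(hits):
    """Count accepted hits per (dstport, srcip) so unexpected sources stand out."""
    counts = {}
    for rec in hits:
        key = (int(rec["dstport"]), rec.get("srcip", "?"))
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for (port, src), n in sorted(summarize(local_in_accepts(SAMPLE_LOG, "wan1", {8443})).items()):
        print(f"port {port} from {src}: {n} accepted")
```

An empty result for a port that has been tested from outside means either logging is still disabled or the traffic is not matching the local-in policy.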
