Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Not applicable

Logging Denied Traffic

I use a fortigate 200a and am running MR7. We also use the fortianalyser for the firewall logs. I want to find out if we are able to see logs for traffic which is being denied. I know for every policy you can set an option to log all allow traffic, but if you wanted to see traffic which is being denied for a policy are you able to see this in the logs, or does anything need to be configured to see denied traffic.
4 REPLIES 4
p768
New Contributor

you need an explict DENY policy that you configure with Logging
Not applicable

Where can you set this explict deny on the fortigate.
red_adair
New Contributor III

solution 1 have a final rule, action DENY and check the " log violation traffic" checkbox. solution 2 All Traffic that is dropped because of implicit drop (no rule match) or violation of a state can also be logged. # conf log [syslog||fortianalyzer] filter (filter) # set other-traffic enab -R.
daveywavey
New Contributor

You can also take a look at this http://kc.forticare.com/default.asp?id=1819&Lang=1&SID= This way you can run a report on denied sources and you will see the hits from the above link. config system global set loglocaldeny enable end Davey
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors