There are so many policies and profiles that can result in traffic being blocked, it can be difficult to analyze all the logs to determine why. I would suggest adding a "Block Report" to a FortiGate and/or FortiAnalyzer that focuses on giving an administrator a quick diagnosis of why a packet, application or connection it's being blocked. It might be similar to the "Local Traffic" log, but provides more details about why traffic was dropped.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I think it is already here.
In traffic log, when you double-click on the line of a blocked traffic it will show in the right panel which policy has blocked the traffic. And also in UTM logs (App, SSL, IPS and so), you can see more information when you double-click on the log entry.
On the other hand, further information can be seen with debug command (diag debug flow ...)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.