What is the difference between logging UTM sessions and all sessions in the FW?

BusinessUser · ‎12-25-2023

What happens if it is a "normal" firewall rule without any filtering applied?

adimailig · ‎12-25-2023

Hi,

When "Log Allowed Traffic" in firewall policy is set to "Security Events" it will only log Security (UTM) events (e.g. AV, IPS, firewall web filter), providing you have applied one of them to a firewall (rule) policy.
'Log all sessions' will include traffic log include both match and non-match UTM profile defined.

Reference : https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-Security-Events-and-All...

If there is no Security Profile enable on firewall policy and "Log Allowed Traffic" is set to "Security Events", then there will be no log generated by firewall policy.

Best Regards,

Arnold Dimailig
TAC Engineer

View solution in original post

adimailig · ‎12-25-2023

Hi,

When "Log Allowed Traffic" in firewall policy is set to "Security Events" it will only log Security (UTM) events (e.g. AV, IPS, firewall web filter), providing you have applied one of them to a firewall (rule) policy.
'Log all sessions' will include traffic log include both match and non-match UTM profile defined.

Reference : https://community.fortinet.com/t5/FortiGate/Technical-Tip-Difference-between-Security-Events-and-All...

If there is no Security Profile enable on firewall policy and "Log Allowed Traffic" is set to "Security Events", then there will be no log generated by firewall policy.

Best Regards,

Arnold Dimailig
TAC Engineer

What is the difference between logging UTM sessions and all sessions in the FW?

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website