Can't find access log for non-successful connection
Hello Team,
In my network, with a FortiGate firewall running FortiOS 7.2.7, I am having an issue that I can't find a resolution for when investigating my firewall logs.
All access logs are stored with no problems, with action accept/deny, when that is according to a policy role.
But whenever I try to connect to a server on a non-opened port, we are supposed to be rejected by the server, but the log is still logged with the action accept or deny when that is not happening.
How do I find these logs for connections that were not successful "from my destination" but were allowed from the side of the firewall itself?
Note that I am running my firewall in policy-based mode.
And, when checking the logs, what does the policy name "Default" mean, which I see in the logs a lot?
TIA.
I see, I misunderstood.
A RST-ACK is a normal response from a system when a port is closed and inactive, when there's no firewalling done (~the RST-ACK response isn't blocked/disabled).
A SYN -> RST-ACK exchange is expected to be logged as action="server-rst", assuming you're logging all traffic in the matching firewall policy. (it's a non-UTM-related result, so )
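As an added example, not part of the original reply: a Python filter over exported forward-traffic logs that picks out the action="server-rst" result described above, meaning sessions the policy allowed but the destination reset. The sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in FortiOS key=value traffic-log style (not from the thread).
SAMPLE_LOG = """\
date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" srcip=192.0.2.10 srcport=51000 dstip=198.51.100.5 dstport=443 policyid=7 policyname="Allow Web" action="close"
date=2024-05-01 time=10:00:02 type="traffic" subtype="forward" srcip=192.0.2.10 srcport=51001 dstip=198.51.100.5 dstport=8443 policyid=7 policyname="Allow Web" action="server-rst"
date=2024-05-01 time=10:00:03 type="traffic" subtype="forward" srcip=192.0.2.11 srcport=51002 dstip=198.51.100.5 dstport=8443 policyid=7 policyname="Allow Web" action="server-rst"
date=2024-05-01 time=10:00:04 type="traffic" subtype="forward" srcip=192.0.2.12 srcport=51003 dstip=198.51.100.5 dstport=23 policyid=9 policyname="Block Telnet" action="deny"
date=2024-05-01 time=10:00:05 type="traffic" subtype="forward" srcip=192.0.2.10 srcport=51004 dstip=198.51.100.6 dstport=22 policyid=7 policyname="Allow Web" action="client-rst"
"""

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
PAIR = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Turn one key=value log line into a dict, dropping the quotes."""
    return {key: (quoted or bare) for key, quoted, bare in PAIR.findall(line)}


def server_resets(log_text):
    """Forward-traffic records that passed the policy but were reset by the server."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if (rec.get("type") == "traffic"
                and rec.get("subtype") == "forward"
                and rec.get("action") == "server-rst"):
            hits.append(rec)
    return hits


def closed_port_summary(log_text):
    """Count server-rst records per (dstip, dstport) to spot closed ports being probed."""
    return Counter(
        (rec.get("dstip"), int(rec.get("dstport", 0)))
        for rec in server_resets(log_text)
    )


if __name__ == "__main__":
    for (dstip, dstport), count in closed_port_summary(SAMPLE_LOG).items():
        print(f"{dstip}:{dstport} reset {count} allowed connection(s)")
```

If no such records appear for traffic you know was reset, the policyid field on the neighbouring records shows which policy the session actually matched.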
Good, then what if I have enabled all traffic logs, but the firewall is not logging these packets? This is my case here.
If everything is correct, then that would suggest a bug in the logging mechanism, in which case the next step would be a follow-up with TAC to reproduce and potentially report it further for fixing.
I would recommend to double-check and make absolutely sure that the traffic is matching the expected firewall policy.
If you're unable to find access logs for unsuccessful connections, make sure that logging for failed attempts is enabled in your firewall or VPN settings. On FortiGate devices, you can check the Event Log or VPN Log under Log & Report > Forward Traffic or System Events. Ensure the log level is set to capture detailed information and filter the logs for errors or failed attempts. Additionally, review client-side logs for VPN issues, enable debugging if needed, and ensure there are no firewall rules blocking log entries. Properly configured logging and log levels will help capture all connection attempts.
I can't find this Event Log or VPN Log under Log & Report > Forward Traffic or System Events to ensure the log level. FortiOS 7.2.7