Hello Team,
In my network with a FortiGate firewall running FortiOS 7.2.7, I am having an issue that I can't find a resolution for when investigating my firewall logs.
All access logs are stored with no problems with action accept/deny, when that is according to a policy role.
But whenever I try to connect to a server on a non-opened port, we are supposed to be rejected by the server, but the log is still logged with the action accept or deny when that is not happening.
How can I find these logs for connections that were not successful "from my destination" but were allowed from the side of the firewall itself?
Knowing that I am running my firewall in policy-based mode.
And, when checking the logs, what does the policy name "Default" mean, which I see in the logs a lot?
TIA.
I see, I misunderstood.
A RST-ACK is a normal response from a system when a port is closed and inactive, when there's no firewalling done (~the RST-ACK response isn't blocked/disabled).
A SYN -> RST-ACK exchange is expected to be logged as action="server-rst", assuming you're logging all traffic in the matching firewall policy. (it's a non-UTM-related result, so )
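As an added example (not part of the thread and not Fortinet code): one way to pull the sessions the firewall allowed but the server reset, as described in the reply above, out of an exported traffic log. It assumes the export is in FortiGate's key=value text format; the sample lines, addresses and policy name are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# FortiGate text logs are space-separated key=value pairs; values may be quoted.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Constructed sample lines (addresses, ports and policy name are made up).
SAMPLE = [
    'date=2024-05-01 time=10:00:01 type="traffic" subtype="forward" '
    'srcip=10.0.0.5 srcport=51000 dstip=192.0.2.10 dstport=443 '
    'policyid=3 policyname="LAN to Servers" action="accept" sentpkt=12 rcvdpkt=10',
    'date=2024-05-01 time=10:00:07 type="traffic" subtype="forward" '
    'srcip=10.0.0.5 srcport=51001 dstip=192.0.2.10 dstport=8081 '
    'policyid=3 policyname="LAN to Servers" action="server-rst" sentpkt=1 rcvdpkt=1',
    'date=2024-05-01 time=10:00:09 type="traffic" subtype="forward" '
    'srcip=10.0.0.6 srcport=51002 dstip=192.0.2.10 dstport=8081 '
    'policyid=3 policyname="LAN to Servers" action="server-rst" sentpkt=1 rcvdpkt=1',
    'date=2024-05-01 time=10:00:11 type="traffic" subtype="forward" '
    'srcip=10.0.0.7 srcport=51003 dstip=192.0.2.20 dstport=23 '
    'policyid=0 policyname="" action="deny" sentpkt=0 rcvdpkt=0',
]

def parse_line(line):
    """Turn one key=value log line into a dict, stripping surrounding quotes."""
    return {key: quoted if quoted else bare
            for key, quoted, bare in _KV.findall(line)}

def server_resets(lines, actions=("server-rst",)):
    """Return traffic records whose action shows the policy let the SYN
    through but the destination answered with a reset (closed port).
    Pass a wider `actions` tuple to include other unsuccessful outcomes."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") == "traffic" and rec.get("action") in actions:
            hits.append(rec)
    return hits

def summarize(hits):
    """Count resets per (destination IP, destination port, policy ID), which
    also shows which policy the traffic actually matched."""
    return Counter((r.get("dstip"), r.get("dstport"), r.get("policyid"))
                   for r in hits)

if __name__ == "__main__":
    for (dstip, dstport, policyid), n in summarize(server_resets(SAMPLE)).items():
        print(f"{n} reset(s) from {dstip}:{dstport} via policy {policyid}")
```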
Good, then what if I have enabled all traffic logs, but the firewall is not logging these packets? This is my case here.
If everything is correct, then that would suggest a bug in the logging mechanism, in which case the next step would be a follow-up with TAC to reproduce and potentially report it further for fixing.
I would recommend to double-check and make absolutely sure that the traffic is matching the expected firewall policy.
If you're unable to find access logs for unsuccessful connections, make sure that logging for failed attempts is enabled in your firewall or VPN settings. On FortiGate devices, you can check the Event Log or VPN Log under Log & Report > Forward Traffic or System Events. Ensure the log level is set to capture detailed information and filter the logs for errors or failed attempts. Additionally, review client-side logs for VPN issues, enable debugging if needed, and ensure there are no firewall rules blocking log entries. Properly configured logging and log levels will help capture all connection attempts.
I can't find this Event Log or VPN Log under Log & Report > Forward Traffic or System Events to ensure the log level. FortiOS 7.2.7
Copyright 2024 Fortinet, Inc. All Rights Reserved.