I seem to have run into this bug with our analyser and would like to know whether other people have also noticed this. In our logging almost a week ago I found that SIP-A wasn't reaching DIP-B, so I created a policy which (you've guessed it) would allow for said communications, which it consequently did... Today, after I sat down at my desk, I wanted to go over the old logging which showed SIP-A>DIP-B blocking in order to get the timeline right. However, to my surprise I noticed that the forti analyser showed the traffic as allowed, even though it was 100% blocked on the dates it now shows as allowed (I have the screenshots from when it was blocked).
The only way for me to know that traffic was even blocked is going by that screenshot and some other small details. However, if somebody else but me were to analyse those logs (from when it was blocked) they wouldn't get the clue to what was wrong prior to me creating the policy.
I'd reckon that this would defeat the purpose of keeping logs. Anyway, please let me know if something needs to change on our end with regards to logging. I just can't imagine this should be the case.
Hi @somewhereelse ,
I would suggest to stay at the latest version 7.2.5 / 7.4.2.
And to review if the following option is set under the FGTs.

```
config system global
    set log-uuid-address enable
end
```
Best,