Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

log all "Allows" and all "Denies"

Hello everyone,   The Firewall is a Fortigate 100E with Version 6.0.9 Build 0335 (GA).


Is there a possibility to see all "Allows" and all "Denies" with "diag sniffer packet"?

Or else with debug mode?


I know i can see all denies in syslog.

And i if enable "Log allowed traffic -> All Sessions" on a policy i can also see allowed traffic on syslog.


But sometimes i don't know on which policy i have to enable "All Sessions" and it would be helpful to see all "Allows" and "Denies" for example with debug or diag.


Best Regards,


New Contributor

Hi danfor,


Yes, in debug mode you can see all traffic passthrough on the fortigate.

I recommend you implement a FortiAnalyzer.