security events "Application Control" and "Web Filter

unknown1020 · ‎01-21-2024

Good morning friends, can you help me with this question.
Currently I have internet exit policies in the FW but none of them have the "application control" profiles or the "web filter". By not having these two profiles enabled, does that mean that security events cannot be displayed as shown in the image?

Shouldn't the log & report option >> forward traffic show that information about the navigation of applications or web content?

sahmed_FTNT · ‎01-21-2024

Hello, kindly make sure you have selected Log All option in the policy to collect the logs, also make sure Application and Web filter is selected in the IPv4 policy

Security all we want

unknown1020 · ‎01-21-2024

Hello, the policy does have log recording enabled.
So by not having the app control and web filter profiles enabled, you will not be able to see the events, for example, which application the users accessed or which web domains they accessed?

sakuraju · ‎01-21-2024

Hello, web filter and application control profiles should be enabled on the internet policy to see the event logs.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Web-filter-logs-are-not-visible-and-gettin...

salemneaz · ‎01-21-2024

If the UTM profiles are not enabled at the Policy then the logs and report will not be shown, also check if the event logging is enabled at the logs and report settings.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-configure-logging-in-memory-in-late...

hbac · ‎01-22-2024

Hi @unknown1020,

If none of your firewall policies have "application control" or "web filter" enabled, "application control" and "web filter" events will not be generated. That's an expected behavior.

Regards,