FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195823



This article describes how to configure the logging of denied traffic to a FortiGate interface.




For all FortiGate models with v2.80.




Session or connection attempts made to a FortiGate interface itself are, by default, not logged when they are denied.


The following can be configured, so that this information is logged:


  1. Enable logging of the denied traffic.


Fortigate # config sys global
(global)# set loglocaldeny enable
(global)# end


Running get sys global afterwards shows whether loglocaldeny is enabled.


  2. Create a deny policy from external to internal and check the logs.


Here is an example of such a log entry:


2004-10-20 14:06:47 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=651 duration=0 policyid=0 proto=6 service=19/tcp status=deny src= srcname= dst= dstname= src_int=n/a dst_int=external sent=0 rcvd=0 src_port=784 dst_port=19 vpn=n/a tran_ip= tran_port=0
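Once loglocaldeny is enabled, these entries can be picked out of the traffic log. The following is an added example, not part of the Fortinet article, that parses the v2.80 key=value format above and flags denied attempts against an interface; the pattern it matches on (status=deny, subtype=violation, policyid=0) is an assumption drawn from the article's single sample entry, and the extra sample lines are constructed.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample lines in the v2.80 key=value log format shown above.
# The first is the article's own entry; the other two are assumed variations
# (an accepted session and a second local deny) used only to exercise the code.
SAMPLE_LOGS = [
    "2004-10-20 14:06:47 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=651 duration=0 policyid=0 proto=6 service=19/tcp status=deny src= srcname= dst= dstname= src_int=n/a dst_int=external sent=0 rcvd=0 src_port=784 dst_port=19 vpn=n/a tran_ip= tran_port=0",
    "2004-10-20 14:07:02 log_id=0021000001 type=traffic subtype=allowed pri=notice vd=root SN=652 duration=30 policyid=1 proto=6 service=80/tcp status=accept src=192.0.2.10 srcname= dst=198.51.100.5 dstname= src_int=internal dst_int=external sent=1200 rcvd=3400 src_port=40001 dst_port=80 vpn=n/a tran_ip= tran_port=0",
    "2004-10-20 14:07:15 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=653 duration=0 policyid=0 proto=6 service=23/tcp status=deny src=192.0.2.77 srcname= dst=203.0.113.1 dstname= src_int=n/a dst_int=external sent=0 rcvd=0 src_port=51000 dst_port=23 vpn=n/a tran_ip= tran_port=0",
]

# key=value tokens; \S* keeps empty values such as "src=" as empty strings
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_entry(line: str) -> Dict[str, str]:
    """Split one log line into its date, time and key=value fields."""
    date, time, rest = line.split(" ", 2)
    fields = {"date": date, "time": time}
    fields.update(KV_RE.findall(rest))
    return fields


def is_local_deny(entry: Dict[str, str]) -> bool:
    """Assumption taken from the article's sample entry: a denied attempt to the
    firewall interface shows status=deny, subtype=violation and policyid=0."""
    return (entry.get("type") == "traffic" and entry.get("subtype") == "violation"
            and entry.get("status") == "deny" and entry.get("policyid") == "0")


def local_denies(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed entries that match the local-deny pattern."""
    return [e for e in map(parse_entry, lines) if is_local_deny(e)]


def denied_services(lines: List[str]) -> Dict[str, int]:
    """Count local denies per destination service (e.g. {'19/tcp': 1, '23/tcp': 1})
    to show which services on the interface are being probed."""
    return dict(Counter(e["service"] for e in local_denies(lines)))


if __name__ == "__main__":
    for entry in local_denies(SAMPLE_LOGS):
        print(f"{entry['date']} {entry['time']} deny on {entry['dst_int']} "
              f"{entry['service']} src_port={entry['src_port']}")
    print(denied_services(SAMPLE_LOGS))
```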