FortiGate
Article Id 195823

Description

 

This article describes how to configure logging of denied traffic that is directed at a FortiGate interface itself.

 

Scope

 

All FortiGate models running FortiOS v2.80.

 

Solution

 

Session or connection attempts made to a FortiGate interface address itself (as opposed to traffic passing through the unit) are, by default, not logged when they are denied.

 

Configure the following so that these denied attempts are logged:

 

  1. Enable logging of the denied traffic.

 

Fortigate # config sys global
(global)# set loglocaldeny enable
(global)# end

 

Use get sys global to verify that loglocaldeny now shows as enabled.

 

  2. Create a deny policy from external to internal, attempt a connection to the external interface address, and check the traffic logs.

 

Here is an example of such a log entry. Note policyid=0, which shows that no configured firewall policy matched and the session was dropped by the implicit deny, and src_int=n/a with dst_int=external, which shows the destination was the external interface itself:

 

2004-10-20 14:06:47 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=651 duration=0 policyid=0 proto=6 service=19/tcp status=deny src=172.16.87.184 srcname=172.16.87.184 dst=172.16.87.183 dstname=172.16.87.183 src_int=n/a dst_int=external sent=0 rcvd=0 src_port=784 dst_port=19 vpn=n/a tran_ip=0.0.0.0 tran_port=0
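Once loglocaldeny is enabled, the useful next step is to pull these entries out of the traffic log and see which sources are probing the firewall's own addresses. The following is an added example written for this article, not Fortinet code. It parses the key=value log format shown above, keeps only denied sessions whose destination is one of the FortiGate's interface addresses (the caller supplies that set; here 172.16.87.183 is assumed to be the external interface IP), and counts attempts per source. The first sample line is the entry from the article; the other three are constructed to show an accepted transit session, a denied transit session, and a second denied attempt against the interface.

```python
"""Pick denied local-in sessions out of FortiOS 2.80-style traffic logs.

Added example for this article; it is not Fortinet code.  The sample lines
below are constructed for the example (the first one is the entry shown in
the article), and 172.16.87.183 is assumed to be the FortiGate's external
interface address.
"""
from collections import Counter
from typing import Dict, Iterable, List, Set, Tuple

SAMPLE_LINES: List[str] = [
    # Entry from the article: denied, no policy matched (policyid=0), aimed at the interface.
    "2004-10-20 14:06:47 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=651 duration=0 policyid=0 proto=6 service=19/tcp status=deny src=172.16.87.184 srcname=172.16.87.184 dst=172.16.87.183 dstname=172.16.87.183 src_int=n/a dst_int=external sent=0 rcvd=0 src_port=784 dst_port=19 vpn=n/a tran_ip=0.0.0.0 tran_port=0",
    # Constructed: accepted transit session matched by policy 1 (should be ignored).
    "2004-10-20 14:07:02 log_id=0021000002 type=traffic subtype=allowed pri=notice vd=root SN=652 duration=5 policyid=1 proto=6 service=80/tcp status=accept src=172.16.87.184 srcname=172.16.87.184 dst=10.0.0.5 dstname=10.0.0.5 src_int=external dst_int=internal sent=420 rcvd=1830 src_port=1044 dst_port=80 vpn=n/a tran_ip=0.0.0.0 tran_port=0",
    # Constructed: denied transit session; implicit deny, but not aimed at the firewall itself.
    "2004-10-20 14:07:15 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=653 duration=0 policyid=0 proto=6 service=445/tcp status=deny src=172.16.87.184 srcname=172.16.87.184 dst=10.0.0.9 dstname=10.0.0.9 src_int=external dst_int=internal sent=0 rcvd=0 src_port=1050 dst_port=445 vpn=n/a tran_ip=0.0.0.0 tran_port=0",
    # Constructed: second denied attempt against the interface address, this time on 22/tcp.
    "2004-10-20 14:07:31 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=654 duration=0 policyid=0 proto=6 service=22/tcp status=deny src=172.16.87.190 srcname=172.16.87.190 dst=172.16.87.183 dstname=172.16.87.183 src_int=n/a dst_int=external sent=0 rcvd=0 src_port=3301 dst_port=22 vpn=n/a tran_ip=0.0.0.0 tran_port=0",
]


def parse_log_line(line: str) -> Dict[str, str]:
    """Turn one 'key=value key=value ...' FortiOS log line into a dict.

    Tokens before the first key=value pair (the date and time) are joined
    into a 'timestamp' field.  Values in this format contain no spaces.
    """
    entry: Dict[str, str] = {}
    prefix: List[str] = []
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep and key:
            entry[key] = value
        else:
            prefix.append(token)
    entry["timestamp"] = " ".join(prefix)
    return entry


def is_denied(entry: Dict[str, str]) -> bool:
    """A traffic-log entry the unit dropped (status=deny)."""
    return entry.get("type") == "traffic" and entry.get("status") == "deny"


def denied_to_interface(
    lines: Iterable[str], interface_ips: Set[str]
) -> List[Tuple[str, str, str, str]]:
    """Return (timestamp, src, dst, dst_port) for denied sessions whose
    destination is one of the FortiGate's own interface addresses.

    Checking dst against the interface set is what separates local-in
    denies (the subject of the article) from ordinary blocked transit
    traffic, which also carries policyid=0 when the implicit deny drops it.
    """
    hits: List[Tuple[str, str, str, str]] = []
    for line in lines:
        entry = parse_log_line(line)
        if is_denied(entry) and entry.get("dst") in interface_ips:
            hits.append(
                (entry["timestamp"], entry["src"], entry["dst"], entry["dst_port"])
            )
    return hits


def attempts_per_source(lines: Iterable[str], interface_ips: Set[str]) -> Dict[str, int]:
    """Count denied attempts against the interface addresses per source IP,
    a quick way to spot a host probing the firewall's own ports."""
    return dict(Counter(src for _, src, _, _ in denied_to_interface(lines, interface_ips)))


if __name__ == "__main__":
    external_ip = {"172.16.87.183"}  # assumed external interface address
    for ts, src, dst, port in denied_to_interface(SAMPLE_LINES, external_ip):
        print(f"{ts}  {src} -> {dst}:{port}  denied (local-in)")
    print(attempts_per_source(SAMPLE_LINES, external_ip))
```

Feed the script a real log export in place of SAMPLE_LINES and the set of addresses configured on the unit's interfaces; anything that shows up in attempts_per_source is a host that was talking to the firewall itself rather than through it, which is exactly the traffic that was invisible before loglocaldeny was enabled.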
