FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable
Article Id 190713
Article
Description: How to log all explicitly dropped traffic to the external interface of a FortiGate unit.
Components
  • All FortiGate units running FortiOS 2.8 and 3.0 up to MR2
Steps or Commands

You can enable logging on a FortiGate unit to record whether someone is port-scanning the unit's external interface.

You can enable this type of logging using the CLI. There are two settings you can enable:

  • local-anomaly - Enables anomaly detection and protection on traffic addressed to the FortiGate unit itself. Traffic to the FortiGate unit consists mostly of management services.
  • loglocaldeny - Enables logging of failed connection attempts to the FortiGate unit that use TCP/IP ports other than those configured for management access (by default 443 for HTTPS, 22 for SSH, 23 for Telnet, and 80 for HTTP).

In the CLI enter the following commands:

config system global
   set local-anomaly enable
   set loglocaldeny enable
end
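Once the two settings are enabled, the check a practitioner usually wants is a way to confirm they stay enabled across a fleet. The following Python script is an added example, not code from Fortinet or from this article: it parses a FortiOS-style CLI dump (the nested config / set / end layout that `show system global` produces; that output shape is an assumption here) and reports whether local-anomaly and loglocaldeny are both set to enable. The SAMPLE_DUMP text is constructed for the example and was not captured from a real unit.

```python
"""Audit a FortiOS CLI configuration dump for the two logging settings the
article describes: local-anomaly and loglocaldeny under config system global."""
import shlex
from typing import Dict, List, Tuple

# Constructed sample in the shape of `show system global` output (assumed format),
# showing a unit where only one of the two settings has been enabled.
SAMPLE_DUMP = """\
config system global
    set admintimeout 5
    set hostname "FGT-edge"
    set local-anomaly enable
    set loglocaldeny disable
end
"""

# Options from the article and the value each must carry.
REQUIRED = {"local-anomaly": "enable", "loglocaldeny": "enable"}


def parse_fortios_config(text: str) -> Dict[Tuple[str, ...], Dict[str, str]]:
    """Parse nested `config ... set ... end` blocks into {block-path: {option: value}}.
    `edit`/`next` sub-entries are folded into the path so table-style sections
    (for example config system interface) parse as well."""
    blocks: Dict[Tuple[str, ...], Dict[str, str]] = {}
    path: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        tokens = shlex.split(line)  # handles quoted values such as "FGT-edge"
        kw = tokens[0]
        if kw == "config":
            path.append(" ".join(tokens[1:]))
            blocks.setdefault(tuple(path), {})
        elif kw == "edit":
            path.append("edit " + " ".join(tokens[1:]))
            blocks.setdefault(tuple(path), {})
        elif kw in ("end", "next"):
            if path:
                path.pop()
        elif kw == "set" and len(tokens) >= 3:
            blocks.setdefault(tuple(path), {})[tokens[1]] = " ".join(tokens[2:])
        elif kw == "unset" and len(tokens) >= 2:
            blocks.setdefault(tuple(path), {}).pop(tokens[1], None)
    return blocks


def audit_local_logging(text: str) -> Dict[str, bool]:
    """Return, for each required option, whether `config system global`
    carries the expected value. A missing option counts as not enabled."""
    sys_global = parse_fortios_config(text).get(("system global",), {})
    return {opt: sys_global.get(opt) == want for opt, want in REQUIRED.items()}


if __name__ == "__main__":
    for opt, ok in audit_local_logging(SAMPLE_DUMP).items():
        print(f"{opt}: {'OK' if ok else 'NOT enabled'}")
```

Feed it the output of `show system global` saved from each unit; any option reported as NOT enabled is one where the article's two commands still need to be applied.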