Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable

Created on ‎08-28-2008 10:37 AM Edited on ‎12-16-2021 11:22 AM

Article Id 198044

Technical Tip: Interface and traffic logging in FortiOS 3.0

Article

Description Interface logging and traffic logging in FortiOS 3.0
Components
  • FortiGate units running FortiOS 3.0 MR1 and up
Steps or Commands

 

The following are examples which explain the different types of traffic logging and interface logging in FortiOS 3.0 MR1 and up.

 In FortiOS 3.0 MR7, you can only configure logging in firewall policies through the web-based manager. However, you can enable interface traffic logging for troubleshooting, if required, through the CLI. Do not enable both firewall and interface logging because it may severely degrade performance.

 If you are running FortiOS 3.0 MR7, only examples 1 and 2 are relevant.


Traffic pattern example 1: No logging enabled
  1. Packet comes into an interface.
  2. Packet passes and  is sent out an interface.
Traffic pattern example 2: Traffic and Profile logging enabled
  1. Packet comes into an interface.
  2. A possible log packet is sent regarding an event, such as URL filter.
  3. Traffic log packet is sent, per the firewall policy.
  4. Packet passes and is sent out an interface
Traffic pattern example 3: Traffic, profile and interface logging enabled
  1. Packet comes into an interface
  2. Interface log packet is sent to traffic log, if enabled on that particular interface.
  3. Possible log packet sent regarding the event, such as URL filter.
  4. If packet is sent in step 3, the interface log packet is then sent to the traffic log if it is enabled on that particular interface.
  5. Traffic log packet is sent per the firewall policy.
  6. Interface log packet sent to the traffic log if enabled on that particular interface.
  7. Packet passes and is sent out an interface.
  8. Interface log packet is sent to traffic log, if enabled on that particular interface.
Traffic pattern example 4: Profile and Interface logging enabled
  1. Packet comes into an interface.
  2. Interface log packet is sent to the traffic log is enabled on that particular interface.
  3. Possible log packet is sent regarding the event, such as URL filter.
  4. Interface log packet is sent to the traffic log if enabled on that particular interface.
  5. Packet passes and is sent out an interface.
  6. Interface log packet is sent to traffic log if enabled on that particular interface.

 

Labels:
881
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.