FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
hrahuman_FTNT
Article Id 191258
Description
This article describes logging of access control list policy.

Solution
The ACL feature is available on FortiGate with NP6-accelerated interfaces.

ACL checking is one of the first things that happens to the packet and checking is done by the NP6 processor.

The result is very efficient protection that does not use CPU or memory resources.

These ACLs drop IPv4 or IPv6 packets at the physical network interface before the packets are analyzed by the CPU.

Logs will get generated only when traffic comes to CPU. For the above reasons it can't get logging for ACL policy. 

If FortiGate wants to  log, block using normal IPv4 or IPv6 policy and enable logging.


Contributors