DescriptionThis article describes logging of access control list policy.
SolutionThe
ACL feature is available on FortiGate with NP6-accelerated interfaces.
ACL checking is one of the first things that happens to the packet and
checking is done by the NP6 processor.
The result is very efficient
protection that does not use CPU or memory resources.
These ACLs drop
IPv4 or IPv6 packets at the physical network interface before the
packets are analyzed by the CPU.
Logs will get generated only when
traffic comes to CPU. For the above reasons it can't get logging for
ACL policy.
If FortiGate wants to log, block using normal IPv4 or IPv6 policy and enable logging.