Created on 11-02-2004 12:00 AM Edited on 09-15-2023 11:21 AM By Anthony_E
Description
This article describes How to configure the logging of Denied Traffic to a FortiGate interface.
Scope
For All FortiGate models with v2.80.
Solution
Session or connection attempts that are established to a FortiGate interface, are by default not logged if they are denied.
The following can be configured, so that this information is logged:
Fortigate # config sys global
(global)# set loglocaldeny enable
(global)# end
It is then possible to check with get sys global to see if loglocaldeny is enabled.
Here is an example of such a log entry:
2004-10-20 14:06:47 log_id=0023013001 type=traffic subtype=violation pri=notice vd=root SN=651 duration=0 policyid=0 proto=6 service=19/tcp status=deny src=172.16.87.184 srcname=172.16.87.184 dst=172.16.87.183 dstname=172.16.87.183 src_int=n/a dst_int=external sent=0 rcvd=0 src_port=784 dst_port=19 vpn=n/a tran_ip=0.0.0.0 tran_port=0
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.