FortiGate
nkorea
Staff
Article Id 268371
Description

This article describes how to check ZTNA logs on FortiGate when only FortiAnalyzer logging is enabled and there is no disk or memory logging.

Scope

FortiOS 7.0.0+ and FortiAnalyzer 7.0.3+.

Solution

Verify that the following configuration has been implemented on FortiGate:

config firewall proxy-policy
    edit <policy number>
    ...
        set logtraffic all
    next
end

config firewall access-proxy
    edit <proxy>
        set log-blocked-traffic enable
    next
end
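
One way to run this verification across a saved configuration file instead of entry by entry in the CLI (an added example, not Fortinet's code). It assumes the input is FortiOS CLI configuration text; the function name `audit` and the sample entries are constructed for illustration. A key that does not appear in the text is reported as `None`, because the text alone cannot distinguish a default value from a missing setting.

```python
# Settings the article says to verify: config section -> (key, required value)
REQUIRED = {
    "firewall proxy-policy": ("logtraffic", "all"),
    "firewall access-proxy": ("log-blocked-traffic", "enable"),
}

# Constructed sample configuration (entry names and values are made up)
SAMPLE = """\
config firewall access-proxy
    edit "ztna-web"
        config api-gateway
            edit 1
                set service https
            next
        end
    next
end
config firewall proxy-policy
    edit 1
        set logtraffic utm
    next
    edit 2
        set logtraffic all
    next
end
"""

def audit(config_text):
    """Return (section, entry, key, value_found) for each entry that lacks the
    required setting; value_found is None when the key is not set at all."""
    findings, stack = [], []        # stack holds the currently open "config" blocks
    entry, seen = None, {}
    for raw in config_text.splitlines():
        cmd, *args = raw.split() or [""]
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end" and stack:
            stack.pop()
        elif stack and stack[-1] in REQUIRED:   # lines in nested sub-tables are skipped
            if cmd == "edit" and args:
                entry, seen = args[0].strip('"'), {}
            elif cmd == "set" and len(args) >= 2:
                seen[args[0]] = " ".join(args[1:]).strip('"')
            elif cmd == "next" and entry is not None:
                key, want = REQUIRED[stack[-1]]
                if seen.get(key) != want:
                    findings.append((stack[-1], entry, key, seen.get(key)))
                entry = None
    return findings
```

Calling `audit(SAMPLE)` flags the access proxy that never sets `log-blocked-traffic` and the proxy policy whose `logtraffic` is not `all`; an empty list means every entry carries both settings explicitly.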

 

To enable logging to FortiAnalyzer:

  1. Go to Security Fabric -> Logging & Analytics or Log & Report -> Log Settings.
  2. Enable FortiAnalyzer.
  3. Select an upload option: Realtime, Every Minute, or Every 5 Minutes (default). Select 'Apply'.

How to check the ZTNA log on FortiAnalyzer:

ZTNA traffic logs 7.0.3.

To view ZTNA logs:

  1. Go to Log View -> FortiGate -> Traffic.
  2. Filter by Log ID = 0005000024 or Sub Type = ztna.
  3. Select a ZTNA log to view the log details pane. There are six new log details for ZTNA logs:
  • Access Proxy.
  • Client Device ID.
  • Client Device Owner.
  • Client Device Tags.
  • Gateway ID.
  • Virtual IP.

Make sure the FortiOS version is compatible with the FortiAnalyzer version.

Compatibility with FortiOS.

Note: ZTNA traffic logs are not supported in FortiAnalyzer 6.4 or earlier.

Additional Resources on how to add FortiGate to FortiAnalyzer:
Adding a FortiGate using Security Fabric authorization.