If trying to generate some local traffic:
FortiProxy-VM02 # execute ping service.fortiguard.net PING guard.fortinet.net (12.34.97.71): 56 data bytes 64 bytes from 12.34.97.71: icmp_seq=0 ttl=48 time=63.3 ms 64 bytes from 12.34.97.71: icmp_seq=1 ttl=48 time=64.6 ms 64 bytes from 12.34.97.71: icmp_seq=2 ttl=48 time=64.7 ms 64 bytes from 12.34.97.71: icmp_seq=3 ttl=48 time=64.7 ms 64 bytes from 12.34.97.71: icmp_seq=4 ttl=48 time=63.5 ms
--- guard.fortinet.net ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 63.3/64.1/64.7 ms
FortiProxy-VM02 # execute ping update.fortiguard.net PING fds1.fortinet.com (12.34.97.16): 56 data bytes 64 bytes from 12.34.97.16: icmp_seq=0 ttl=48 time=55.6 ms 64 bytes from 12.34.97.16: icmp_seq=1 ttl=48 time=56.3 ms 64 bytes from 12.34.97.16: icmp_seq=2 ttl=48 time=55.9 ms 64 bytes from 12.34.97.16: icmp_seq=3 ttl=48 time=56.0 ms 64 bytes from 12.34.97.16: icmp_seq=4 ttl=48 time=56.0 ms
--- fds1.fortinet.com ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 55.6/55.9/56.3 ms
FortiProxy-VM02 # execute ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=58 time=32.7 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=5.8 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=5.8 ms 64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=5.5 ms 64 bytes from 8.8.8.8: icmp_seq=4 ttl=58 time=4.8 ms
--- 8.8.8.8 ping statistics --- 5 packets transmitted, 5 packets received, 0% packet loss round-trip min/avg/max = 4.8/10.9/32.7 ms
FortiProxy-VM02 #
It is possible to confirm that Local Traffic on the GUI is not displaying any entry. Same behavior is showed on the CLI:
FortiProxy-VM02 # execute log filter category 0
FortiProxy-VM02 # execute log display 2384 logs found. 10 logs returned. 30.0% of logs has been searched.
1: date=2024-03-19 time=18:25:43 eventtime=1710894343302809403 tz="-0600" logid="0010000099" type="traffic" subtype="http-transaction" level="notice" vd="root" srcip=192.168.13.100 dstip=192.178.56.14 clientip=192.168.13.100 scheme="https" srcport=50309 dstport=443 hostname="clients2.google.com" url="https://clients2.google.com/domainreliability/upload" prefetch=0 policyid=2 sessionid=1291978414 transid=885 reqlength=751 resplength=0 rcvdbyte=1853 sentbyte=2078 resptype="normal" cat=41 catdesc="Search Engines and Portals" agent="Chrome/109.0.0.0" reqtime=1710894343 resptime=1710894343 respfinishtime=1710894343 duration=39 appcat="unscanned"
2: date=2024-03-19 time=18:25:43 eventtime=1710894343231717945 tz="-0600" logid="0010000099" type="traffic" subtype="http-transaction" level="notice" vd="root" srcip=192.168.13.100 dstip=192.178.56.14 clientip=192.168.13.100 scheme="https" srcport=50309 dstport=443 hostname="clients2.google.com" url="https://clients2.google.com/" prefetch=0 policyid=2 sessionid=1291978414 transid=884 reqlength=230 resplength=0 rcvdbyte=0 sentbyte=230 resptype="generated" cat=41 catdesc="Search Engines and Portals" agent="Chrome/109.0.0.0" reqtime=1710894343 resptime=0 respfinishtime=1710894343 duration=98 appcat="unscanned"
3: date=2024-03-19 time=18:25:43 eventtime=1710894343170508118 tz="-0600" logid="0000000015" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.13.100 srcport=50309 srcintf="port4" srcintfrole="lan" dstip=192.178.56.14 dstport=443 dstintf="port1" dstintfrole="undefined" srccountry="Reserved" dstcountry="United States" sessionid=1291978414 proto=6 action="start" policyid=2 policytype="policy" poluuid="32ed0d82-1618-51ee-e338-e868efba8a20" policyname="Users" service="HTTPS" trandisp="noop" url="https://clients2.google.com/" agent="Chrome/109.0.0.0" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 appcat="unscanned"
..
There are entries for forward-traffic but no one for the local-traffic.
This behavior is expected because currently FortiProxy kernel only supports generating traffic logs for forward traffic. Unlike policy controls traffic, local-out/local-in traffic has no place to control the log.
The GUI section 'Local Traffic' was removed from version 7.4.0 and later
Related document:
Fortiproxy-7.4.0-release-notes: 931312 The Local traffic section should be removed as FortiProxy does not support local-in policy - Page 85.
|