FortiProxy
ojacinto
Staff
Article Id 305439
Description

This article explains why FortiProxy local traffic is not shown under Log & Report -> Local Traffic on v7.2.8 and later. A 'No results' message appears instead.

 

[Screenshot: Local Traffic tab showing 'No results' (FPX_local_traffic.jpg)]

Scope

FortiProxy v7.2.0 and later.
Solution

To reproduce, generate some local traffic from the FortiProxy CLI:

 

FortiProxy-VM02 # execute ping service.fortiguard.net
PING guard.fortinet.net (12.34.97.71): 56 data bytes
64 bytes from 12.34.97.71: icmp_seq=0 ttl=48 time=63.3 ms
64 bytes from 12.34.97.71: icmp_seq=1 ttl=48 time=64.6 ms
64 bytes from 12.34.97.71: icmp_seq=2 ttl=48 time=64.7 ms
64 bytes from 12.34.97.71: icmp_seq=3 ttl=48 time=64.7 ms
64 bytes from 12.34.97.71: icmp_seq=4 ttl=48 time=63.5 ms

--- guard.fortinet.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 63.3/64.1/64.7 ms

 

FortiProxy-VM02 # execute ping update.fortiguard.net
PING fds1.fortinet.com (12.34.97.16): 56 data bytes
64 bytes from 12.34.97.16: icmp_seq=0 ttl=48 time=55.6 ms
64 bytes from 12.34.97.16: icmp_seq=1 ttl=48 time=56.3 ms
64 bytes from 12.34.97.16: icmp_seq=2 ttl=48 time=55.9 ms
64 bytes from 12.34.97.16: icmp_seq=3 ttl=48 time=56.0 ms
64 bytes from 12.34.97.16: icmp_seq=4 ttl=48 time=56.0 ms

--- fds1.fortinet.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 55.6/55.9/56.3 ms

 

FortiProxy-VM02 # execute ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=58 time=32.7 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=5.8 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=5.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=5.5 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=58 time=4.8 ms

--- 8.8.8.8 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 4.8/10.9/32.7 ms

FortiProxy-VM02 #

 

After this, the Local Traffic tab in the GUI still does not display any entries. The same behavior is shown on the CLI:

 

FortiProxy-VM02 # execute log filter category 0

FortiProxy-VM02 # execute log display
2384 logs found.
10 logs returned.
30.0% of logs has been searched.


1: date=2024-03-19 time=18:25:43 eventtime=1710894343302809403 tz="-0600" logid="0010000099" type="traffic" subtype="http-transaction" level="notice" vd="root" srcip=192.168.13.100 dstip=192.178.56.14 clientip=192.168.13.100 scheme="https" srcport=50309 dstport=443 hostname="clients2.google.com" url="https://clients2.google.com/domainreliability/upload" prefetch=0 policyid=2 sessionid=1291978414 transid=885 reqlength=751 resplength=0 rcvdbyte=1853 sentbyte=2078 resptype="normal" cat=41 catdesc="Search Engines and Portals" agent="Chrome/109.0.0.0" reqtime=1710894343 resptime=1710894343 respfinishtime=1710894343 duration=39 appcat="unscanned"


2: date=2024-03-19 time=18:25:43 eventtime=1710894343231717945 tz="-0600" logid="0010000099" type="traffic" subtype="http-transaction" level="notice" vd="root" srcip=192.168.13.100 dstip=192.178.56.14 clientip=192.168.13.100 scheme="https" srcport=50309 dstport=443 hostname="clients2.google.com" url="https://clients2.google.com/" prefetch=0 policyid=2 sessionid=1291978414 transid=884 reqlength=230 resplength=0 rcvdbyte=0 sentbyte=230 resptype="generated" cat=41 catdesc="Search Engines and Portals" agent="Chrome/109.0.0.0" reqtime=1710894343 resptime=0 respfinishtime=1710894343 duration=98 appcat="unscanned"


3: date=2024-03-19 time=18:25:43 eventtime=1710894343170508118 tz="-0600" logid="0000000015" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.13.100 srcport=50309 srcintf="port4" srcintfrole="lan" dstip=192.178.56.14 dstport=443 dstintf="port1" dstintfrole="undefined" srccountry="Reserved" dstcountry="United States" sessionid=1291978414 proto=6 action="start" policyid=2 policytype="policy" poluuid="32ed0d82-1618-51ee-e338-e868efba8a20" policyname="Users" service="HTTPS" trandisp="noop" url="https://clients2.google.com/" agent="Chrome/109.0.0.0" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 appcat="unscanned"

..


There are entries for forward traffic but none for local traffic.

This behavior is expected: the FortiProxy kernel currently only supports generating traffic logs for forward traffic.
Unlike policy-controlled traffic, local-out/local-in traffic has no place where its logging can be controlled.
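
To check this gap in an exported log before relying on it for monitoring, the following added example (not Fortinet's code) parses `execute log display` records and tallies traffic subtypes. The sample lines are abridged from the output above, and the subtype name `local` is an assumption borrowed from FortiOS naming.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted (may contain spaces) or a bare token
_FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# leading "N: " index that `execute log display` prints before each record
_INDEX = re.compile(r'^\s*\d+:\s+(?=date=)')

def parse_record(line):
    """Return one log record as a dict, or None if the line is not a record."""
    line = _INDEX.sub('', line.strip())
    if not line.startswith('date='):
        return None  # banner lines such as "2384 logs found."
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in _FIELD.findall(line)}

def subtype_coverage(lines, expected=("forward", "http-transaction", "local")):
    """Count traffic records per subtype and list expected subtypes never seen.

    "local" is an assumed subtype name (FortiOS convention), not from the page.
    """
    counts = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec and rec.get("type") == "traffic":
            counts[rec.get("subtype", "unknown")] += 1
    missing = [s for s in expected if counts[s] == 0]
    return dict(counts), missing

# Constructed sample: records abridged from the CLI output shown in this article.
SAMPLE = '''2384 logs found.
10 logs returned.

1: date=2024-03-19 time=18:25:43 tz="-0600" type="traffic" subtype="http-transaction" srcip=192.168.13.100 dstip=192.178.56.14 hostname="clients2.google.com" catdesc="Search Engines and Portals" policyid=2
2: date=2024-03-19 time=18:25:43 tz="-0600" type="traffic" subtype="http-transaction" srcip=192.168.13.100 dstip=192.178.56.14 url="https://clients2.google.com/" policyid=2
3: date=2024-03-19 time=18:25:43 tz="-0600" type="traffic" subtype="forward" srcip=192.168.13.100 dstip=192.178.56.14 policyname="Users" service="HTTPS" policyid=2
'''.splitlines()

if __name__ == "__main__":
    counts, missing = subtype_coverage(SAMPLE)
    for subtype, n in sorted(counts.items()):
        print(f"{subtype}: {n}")
    for subtype in missing:
        print(f"no '{subtype}' traffic records: device-originated traffic "
              "is not covered by this log source")
```

An empty result for the local subtype here reflects the platform limitation described above, not an absence of local traffic.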


The GUI section 'Local Traffic' was removed from version 7.4.0 and later.

 

Related document:

Fortiproxy-7.4.0-release-notes: 931312 The Local traffic section should be removed as FortiProxy does not support local-in policy - Page 85.

 

 
