Log&Report Example configuration: logging all FortiGate traffic
FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903 735
http://docs.fortinet.com/ • Feedback
Firewall policy traffic logging records the traffic that is both permitted and denied by the
firewall policy, based on the protection profile. Firewall policy traffic logging records
packets that match the policy.
To enable firewall policy traffic logging
1 Go to Firewall > Policy.
2 Select the Expand Arrow to view the policy list for a policy.
3 Select Edit beside the policy that you want.
If required, create a new firewall policy by selecting Create New. For more information,
see “Firewall Policy” on page 387.
4 Select Log Allowed Traffic.
5 Select OK.
Example configuration: logging all FortiGate traffic
You can use the following procedure to configure your FortiGate unit record traffic log
messages for all traffic. This procedure enables traffic logging for all FortiGate interfaces
that receive traffic. However, traffic logging may not log traffic that would otherwise be
dropped by the FortiGate unit. To record log messages for this traffic, you can add an IPS
Sensor that includes predefined IPS signatures that can detect and log traffic that would
otherwise be dropped by the FortiGate unit.
To log all traffic received by a FortiGate unit
1 Enter the following CLI command to enable logging of failed connection attempts to the
FortiGate unit that use TCP/IP ports other than the TCP/IP ports configured for
management access:
config system global
set localdeny enable
end
2 Enter the following CLI command to set global header checking to strict.
config system global
set check-protocol-header strict
end
Strict header checking detects invalid raw IP packets by validating packet checksums
and also checks IP headers to make sure they adhere to current standards. The
default setting is loose which is usually appropriate for most environments. Loose
header checking improves performance while meeting most organizations’
requirements.
3 Enter the following CLI commands to enable traffic logging for all of the FortiGate
interfaces that receive traffic. The following commands enable traffic logging on port1
and port2. You should repeat these commands for all other FortiGate unit interfaces
that receive traffic.
config system interface
edit port1
set log enable
Note: You need to set the logging severity level to Notification when configuring a logging
location to record traffic log messages. Traffic log messages generally have a severity level
no higher than Notification. If VDOMs are in Transparent mode, make sure that VDOM
allows access for enabling traffic logs.
To Next Page
Loading...
Need help?
General