Example Configuration: Logging All Fortigate Traffic - Fortinet FortiGate Series Administration Manual

Log&Report

Example configuration: logging all FortiGate traffic

FortiGate Version 4.0 MR1 Administration Guide
01-410-89802-20090903
http://docs.fortinet.com/
Firewall policy traffic logging records the traffic that is both permitted and denied by the
firewall policy, based on the protection profile. Firewall policy traffic logging records
packets that match the policy.
To enable firewall policy traffic logging
1 Go to Firewall > Policy.
2 Select the Expand Arrow to view the policy list for a policy.
3 Select Edit beside the policy that you want.
If required, create a new firewall policy by selecting Create New. For more information, see "Firewall Policy" on page
4 Select Log Allowed Traffic.
5 Select OK.
Note: You need to set the logging severity level to Notification when configuring a logging
location to record traffic log messages. Traffic log messages generally have a severity level
no higher than Notification. If VDOMs are in Transparent mode, make sure that VDOM
allows access for enabling traffic logs.
You can use the following procedure to configure your FortiGate unit to record traffic log
messages for all traffic. This procedure enables traffic logging for all FortiGate interfaces
that receive traffic. However, traffic logging may not log traffic that would otherwise be
dropped by the FortiGate unit. To record log messages for this traffic, you can add an IPS
Sensor that includes predefined IPS signatures that can detect and log traffic that would
otherwise be dropped by the FortiGate unit.
To log all traffic received by a FortiGate unit
1 Enter the following CLI command to enable logging of failed connection attempts to the
FortiGate unit that use TCP/IP ports other than the TCP/IP ports configured for
management access:
config system global
set localdeny enable
end
2 Enter the following CLI command to set global header checking to strict.
config system global
set check-protocol-header strict
end
Strict header checking detects invalid raw IP packets by validating packet checksums
and also checks IP headers to make sure they adhere to current standards. The
default setting is loose, which is usually appropriate for most environments. Loose
header checking improves performance while meeting most organizations'
requirements.
3 Enter the following CLI commands to enable traffic logging for all of the FortiGate
interfaces that receive traffic. The following commands enable traffic logging on port1
and port2. You should repeat these commands for all other FortiGate unit interfaces
that receive traffic.
config system interface
edit port1
set log enable
next
edit port2
set log enable
next
end
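Because step 3 has to be repeated for every interface that receives traffic, it is easy to miss one. The following audit script is an added example, not part of the Fortinet guide: it parses a FortiOS-style configuration dump (the config/edit/set/next/end block layout shown in the steps above) and reports any interface without "set log enable", plus global settings that differ from the values this procedure sets. The configuration text it reads is constructed for the example; a real unit's output contains many more keys, which the parser simply carries along.

```python
# Constructed sample of a FortiOS-style configuration dump (not a real unit's output).
SAMPLE_CONFIG = """\
config system global
    set localdeny enable
    set check-protocol-header loose
end
config system interface
    edit "port1"
        set log enable
    next
    edit "port2"
    next
end
"""

def parse_fortios(text):
    """Parse config/edit/set/next/end blocks into {section: {entry: {key: value}}}; section-level set lines live under entry None."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if tok[0] == "config":
            section = " ".join(tok[1:])
            entry = None
        elif tok[0] == "edit":
            entry = " ".join(tok[1:]).strip('"')
            tree.setdefault(section, {}).setdefault(entry, {})  # register even if no set follows
        elif tok[0] == "set" and section is not None:
            tree.setdefault(section, {}).setdefault(entry, {})[tok[1]] = " ".join(tok[2:])
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "end":
            section = entry = None
    return tree

def audit_traffic_logging(text):
    """Return findings where the config deviates from the 'log all traffic' procedure."""
    tree = parse_fortios(text)
    glob = tree.get("system global", {}).get(None, {})
    findings = []
    if glob.get("localdeny") != "enable":
        findings.append("system global: localdeny is not enabled")
    if glob.get("check-protocol-header") != "strict":
        findings.append("system global: check-protocol-header is not strict")
    for name, keys in tree.get("system interface", {}).items():
        if name is not None and keys.get("log") != "enable":
            findings.append(f"interface {name}: log not enabled")
    return findings
```

Run it against the output of `show full-configuration` saved to a file to get a list of interfaces still to fix.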