Something that’s annoyed me with FortiGates is that viewing the deny logs isn’t super straight forward. Part of the issue is the fact that Fortinet disables the deny log by default and if you don’t know where to look for it you might not figure it out by clicking around.
Fortinet says that they have the deny logs off by default to optimize the usage of logging space. I however want to see as much info as possible when possible, especially when troubleshooting.
Thankfully turning it on is easy, here’s how to do it and view it.
- Go to your Policy & Objects and click on Firewall Policy
- Edit your Implicit Deny rule
- Turn on Log IPv4 Violation Traffic
- Now you can view the deny log in Forward Traffic under the Log & Report section
You might need to change your filters to find what exactly you are looking for