Log options for Local-in policies | Description |
Enable Logging for Denied Traffic | This records all implicit local deny or a local-in policy that has the action deny. For example, someone trying to log in to a port 80 that is not allowed by the local-in policy. |
Enable Logging for Allowed Traffic | This records all administrator, system, user, and FortiGuard traffic. |
Enable Logging for Local Out Traffic | This records all traffic leaving the FortiGate. |
Traffic activity | Traffic Direction | Description |
FortiGuard update annoucements | IN | All push announcements of updates that are coming from the FortiGuard system. For example, IPS or AV updates. |
FortiGuard update requests | OUT | All updates that are checking for antivirus or IPS as well as other FortiGuard service updates. |
Firewall authentication | IN | The authentication made using either the web-based manager or CLI. |
Central management (a FortiGate unit being managed by a FortiManager unit) | IN | The access that a FortiManager has managing the FortiGate unit. |
DNS | IN | All DNS traffic. |
DHCP/DHCP Relay | IN | All DHCP and/or DHCP Relay traffic. |
HA (heart beat sync policy) | IN/OUT | For high-end platforms with a backplane heart beat port. |
HA (Session sync policy) | IN/OUT | This will get information from the CMDB and updated by session sync daemon. |
CAPWAP | IN | This activity is logged only when a HAVE_CAPWAP is defined. |
Radius | IN | This is recorded only within FortiCarrier. |
NETBIOS forward | IN | Any interface that NETBIOS forward is enabled on. |
RIP | IN | |
OSPF | IN | |
VRRP | IN | |
BFD | IN | |
IGMP | IN | This is recorded only when PIM is enabled. |
PIM | IN | This is recorded only when PIM is enabled. |
BGP | IN | This is recorded only when config bgp and bgp neightbor is enabled in the CLI. |
WCCP policy | IN | Any interface that WCCP is enabled; however, if in Cache mode, this is not recorded because it is not available. |
WAN Opt/ Web Cache | IN | Any interface where WAN Opt is enabled. |
WANOpt Tunnel | IN | This is recorded when HAVE_WANOPT is defined. |
SSL-VPN | IN | Any interface from a zone where the action in the policy is SSL VPN. |
IPSEC | IN | |
L2TP | IN | |
PPTP | IN | |
VPD | IN | This is recorded only when FortiClient is enabled. |
Web cache db test facility | IN | This is recorded only when WA_CS_REMOTE_TEST is defined. |
GDBserver | IN | This is recorded only when debug is enabled. |