how to check traffic logs in fortigate firewall cli

Local traffic is traffic that originates or terminates on the FortiGate itself - when it initiates connections to DNS servers, contacts FortiGuard, administrative access, VPNs, communication with authentication servers and similar. Troubleshooting Tip: Initial troubleshooting steps - Fortinet Community Notify me of follow-up comments by email. Click Select Device, then select the devices whose logs will be forwarded. Turn on to use TCP connection. This fix can be performed on the FortiGate GUI or on the CLI. Logs also tell us which policy and type of policy blocked the traffic. Event logs are an important log file to record because they record Fortinet device system activity, which provides valuable information about how your Fortinet unit is performing. The following commands can troubleshoot and start the "get license" process. Fortinet Fortigate CLI Commands. Check if the Master has access to both WAN and LAN (exec ping pu.bl.ic.IP, exec ping lo.ca.l.IP).If not, check the routing table (get router info routing-table all; get router info routing-table detail x.x.x.x ). Enable/disable implicit firewall policy logging. Description. 07:15 AM Firewall policies control all traffic that attempts to pass through the FortiGate unit, between FortiGate interfaces, zones and VLAN sub-interfaces. Use the first three to enable debugging and start the process, while the last one disables the debugging again: 1 2 3 4 diag debug app update -1 diag debug enable exec update-now diag debug disable To reboot your device, use: 1 execute reboot Scope, Define, and Maintain Regulatory Demands Online in Minutes. Next step is to choose category of logs to display: The job of logs is to speed up your problem solving and save you time and effort. If you will be using several FortiGate units, you can also use a FortiAnalyzer unit for logging. Enable/disable explicit proxy firewall implicit policy logging. Local traffic is allowed or denied instead based on interface configuration (Administrative Access), VPN and VIP configuration, explicitly defined local traffic policies and similar configuration items.This means local traffic does not have an associated policy ID unless user-defined local policies have been configured.If there is no user-defined local policy applying to the logged traffic, logs will instead show policy ID 0.In this case, policy ID 0 is NOT the same as implicit deny.Example local traffic log (for incoming RIP message): The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.. Select the type of remote server to which you are forwarding logs: FortiAnalyzer, Syslog, or Common Event Format (CEF). 02:23 AM Checking the logs A log message records the traffic passing through FortiGate to your network and the action FortiGate takes when it scans the traffic.