
Hyperscale Firewall Guide

Adding hardware logging to a hyperscale firewall policy


Use the following command to enable hardware logging in a hyperscale firewall policy and assign a hardware logging server group to the firewall policy.

config firewall {hyperscale-policy | hyperscale-policy46 | hyperscale-policy6 | hyperscale-policy64}
    edit <id>
        set policy-offload {enable | disable}
        set cgn-log-server-grp <group-name>
    end

From the GUI:

  1. Go to Policy & Objects and select IPv4 Hyperscale Policy, IPv6 Hyperscale Policy, NAT64 Hyperscale Policy, or NAT46 Hyperscale Policy.
  2. While configuring the policy, select Log Hyperscale SPU Offload Traffic.
  3. Select a Log Server Group.

Note

When configuring hardware logging, the following IP address types are recommended or required for the hardware logging servers that you use with hyperscale firewall policies:

  • You should only use logging servers that have IPv4 addresses with IPv4 hyperscale firewall policies. Logging servers with IPv6 IP addresses can be used but are not recommended.

  • You should only use logging servers that have IPv6 addresses with IPv6 hyperscale firewall policies. Logging servers with IPv4 IP addresses can be used but are not recommended.

  • You can only use logging servers that have IPv6 addresses with NAT64 hyperscale firewall policies.

  • You can only use logging servers that have IPv4 addresses with NAT46 hyperscale firewall policies.
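
The address-family rules in this note can be checked against an exported configuration. The following Python script is an added example, not Fortinet code: it walks flat `config firewall hyperscale-policy*` blocks and reports policies with no `cgn-log-server-grp` or with log servers of the wrong address family. Assumptions: the `audit` and `check_policy` names, the `inventory` mapping of group name to server addresses (supplied by the auditor), and the sample input are all constructed for illustration, and the table names are read as `hyperscale-policy` = IPv4, `hyperscale-policy6` = IPv6, `hyperscale-policy64` = NAT64, `hyperscale-policy46` = NAT46.

```python
import ipaddress

# Log-server address family expected per policy table, taken from the note above.
# strict=True: the other family cannot be used; False: usable but not recommended.
RULES = {
    "hyperscale-policy":   (4, False),
    "hyperscale-policy6":  (6, False),
    "hyperscale-policy64": (6, True),   # NAT64: IPv6 log servers only
    "hyperscale-policy46": (4, True),   # NAT46: IPv4 log servers only
}

def check_policy(table, pid, group, inventory):
    """Return findings for one policy as (table, id, severity, message) tuples."""
    family, strict = RULES[table]
    if group is None:
        return [(table, pid, "warn", "no cgn-log-server-grp assigned")]
    if group not in inventory:
        return [(table, pid, "warn", f"group {group} not in supplied inventory")]
    sev = "error" if strict else "warn"
    return [(table, pid, sev, f"{group}: {addr} is not IPv{family}")
            for addr in inventory[group]
            if ipaddress.ip_address(addr).version != family]

def audit(config_text, inventory):
    """Walk hyperscale policy blocks; a policy is closed by 'next' or 'end'."""
    findings, table, pid, group = [], None, None, None
    for line in config_text.splitlines():
        w = line.split() or [""]          # blank lines become a harmless token
        if w[:2] == ["config", "firewall"] and len(w) == 3 and w[2] in RULES:
            table, pid, group = w[2], None, None
        elif table and w[0] == "edit" and len(w) > 1:
            pid, group = w[1], None
        elif table and pid and w[:2] == ["set", "cgn-log-server-grp"] and len(w) > 2:
            group = w[2].strip('"')
        elif table and w[0] in ("next", "end"):
            if pid is not None:
                findings += check_policy(table, pid, group, inventory)
            pid, group = None, None
            table = None if w[0] == "end" else table
    return findings

# Constructed sample input (not from a real device); addresses are documentation ranges.
SAMPLE_CONFIG = (
    'config firewall hyperscale-policy\nedit 1\nset policy-offload enable\nnext\nend\n'
    'config firewall hyperscale-policy64\nedit 1\nset cgn-log-server-grp "grp-v4"\nnext\nend\n'
    'config firewall hyperscale-policy6\nedit 5\nset cgn-log-server-grp "grp-mixed"\nend\n'
)
SAMPLE_INVENTORY = {"grp-v4": ["192.0.2.10"], "grp-mixed": ["2001:db8::10", "192.0.2.11"]}

if __name__ == "__main__":
    print(*audit(SAMPLE_CONFIG, SAMPLE_INVENTORY), sep="\n")
```

An `error` finding marks a combination the note says cannot be used (NAT64 with IPv4 servers, NAT46 with IPv6 servers); a `warn` finding marks a combination that works but is not recommended, or a policy with no log server group.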
