Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY 8.0.0
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Administration Guide

    Home FortiGate / FortiOS 8.0.0 Administration Guide
    8.0.0
    8.0.0
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.13
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.19
    7.0.18
    7.0.17
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.0

    Forward Traffic log page NEW

    Forward Traffic log page NEW

    The Log & Report > Forward Traffic page includes a Log Details pane with summary panel. The summary panel shows the log timestamp, policy name, and a summary of security events with hover-enabled tooltips and access to quick actions.

    The summary panel:

    • Is available for Memory, Disk, FortiAnalyzer, and FortiGate Cloud log sources.

      For FortiGate Cloud log source, the summary panel will always display No security events found because forward traffic logs from FortiGate Cloud do not contain the utmref field, which is necessary for populating security event data.

    • Is only available in Log Details when the selected log has security events associated with it

    • Only displays for non-implicit deny policy logs

    To view the summary in Log Details:

    1. Go to Log & Report > Forward Traffic.

    2. Set the log source to Memory, Disk, or FortiAnalyzer.

    3. Select a UTM log entry, and click Details. The Log Details pane is displayed with a summary panel at the top:

      Option

      Description

      Date/Time

      Date and time of the log entry

      Policy

      Name of the policy used

      Policy action

      Policy action (Accept or Deny)

      Policy inspection mode

      Policy inspection mode (Flow-based or Proxy-based)

      Security Events Summary

      Lists the type and name of the security profile(s) used, final action (Allow or Deny), and the number of security event logs for the event.

      If the same security profile has multiple security events, and if at least one (1) of the events is categorized as Deny, then the final action is Deny, and the number bubble indicates the number of deny logs out of the total logs.

      4. In the Security Events Summary section:

    • When multiple security profiles (for example, APP, AV, and IPS) log security events, all security profile names and the final action (Allow or Deny) are displayed. The number bubble indicates how many security event logs are available for the event.

      In this example, multiple profiles (AV, APP, and IPS) logged security events, and each has one (1) security event log, except for IPS, which has three (3):

    • Hover over any security profile to display a tooltip of information and access the Edit and Show in list buttons:

    • When multiple security events are listed for the same security profile, the final verdict is Deny, if at least one of the events is categorized as Deny. More information about the deny logs is available on the Security tab.

    • Hover over the number bubble. A tooltip displays how the number of denied logs and Go to security tab for more details.

      If any event has multiple logs with same security profile, but all logs are with same action (Allow or Deny), then the tooltip for the number bubble only displays Go to security tab for more details.

    • When the security profile no longer exists, then the Security Events Summary section displays the generic security event name of Application Control.

    Previous
    Next

    Forward Traffic log page NEW

    Forward Traffic log page NEW

    The Log & Report > Forward Traffic page includes a Log Details pane with summary panel. The summary panel shows the log timestamp, policy name, and a summary of security events with hover-enabled tooltips and access to quick actions.

    The summary panel:

    • Is available for Memory, Disk, FortiAnalyzer, and FortiGate Cloud log sources.

      For FortiGate Cloud log source, the summary panel will always display No security events found because forward traffic logs from FortiGate Cloud do not contain the utmref field, which is necessary for populating security event data.

    • Is only available in Log Details when the selected log has security events associated with it

    • Only displays for non-implicit deny policy logs

    To view the summary in Log Details:

    1. Go to Log & Report > Forward Traffic.

    2. Set the log source to Memory, Disk, or FortiAnalyzer.

    3. Select a UTM log entry, and click Details. The Log Details pane is displayed with a summary panel at the top:

      Option

      Description

      Date/Time

      Date and time of the log entry

      Policy

      Name of the policy used

      Policy action

      Policy action (Accept or Deny)

      Policy inspection mode

      Policy inspection mode (Flow-based or Proxy-based)

      Security Events Summary

      Lists the type and name of the security profile(s) used, final action (Allow or Deny), and the number of security event logs for the event.

      If the same security profile has multiple security events, and if at least one (1) of the events is categorized as Deny, then the final action is Deny, and the number bubble indicates the number of deny logs out of the total logs.

      4. In the Security Events Summary section:

    • When multiple security profiles (for example, APP, AV, and IPS) log security events, all security profile names and the final action (Allow or Deny) are displayed. The number bubble indicates how many security event logs are available for the event.

      In this example, multiple profiles (AV, APP, and IPS) logged security events, and each has one (1) security event log, except for IPS, which has three (3):

    • Hover over any security profile to display a tooltip of information and access the Edit and Show in list buttons:

    • When multiple security events are listed for the same security profile, the final verdict is Deny, if at least one of the events is categorized as Deny. More information about the deny logs is available on the Security tab.

    • Hover over the number bubble. A tooltip displays how the number of denied logs and Go to security tab for more details.

      If any event has multiple logs with same security profile, but all logs are with same action (Allow or Deny), then the tooltip for the number bubble only displays Go to security tab for more details.

    • When the security profile no longer exists, then the Security Events Summary section displays the generic security event name of Application Control.

    Previous
    Next