Fortinet black logo

New Features

Application logging in NGFW policy mode 6.4.2

Copy Link
Copy Doc ID de1e129a-0283-11ea-8977-00505692583a:439360
Download PDF

Application logging in NGFW policy mode 6.4.2

In NGFW policy mode, if an application, application category, or application group is selected on a security policy, and traffic logging is set to UTM or All, then application control logs will be generated. In addition, when a signature is set to the ACCEPT action under a security policy, all corresponding child signatures will be assessed and logged as well.

To verify application logging:
  1. Go to Policy & Objects > Security Policy and configure a new policy for YouTube.
  2. Set Action to ACCEPT and Log Allowed Traffic to Security Events.

    Security policy for YouTube

  3. Configure the remaining settings as required, then click OK.
  4. On a client system, play some YouTube videos.
  5. On FortiOS, go to Log & Report > Application Control and view the logs.

    There are logs not only for YouTube, but also for YouTube_Video.Play, YouTube_Video.Access, and so on, as verified from the Application Name column.

    Traffic logs for YouTube

Application logging in NGFW policy mode 6.4.2

In NGFW policy mode, if an application, application category, or application group is selected on a security policy, and traffic logging is set to UTM or All, then application control logs will be generated. In addition, when a signature is set to the ACCEPT action under a security policy, all corresponding child signatures will be assessed and logged as well.

To verify application logging:
  1. Go to Policy & Objects > Security Policy and configure a new policy for YouTube.
  2. Set Action to ACCEPT and Log Allowed Traffic to Security Events.

    Security policy for YouTube

  3. Configure the remaining settings as required, then click OK.
  4. On a client system, play some YouTube videos.
  5. On FortiOS, go to Log & Report > Application Control and view the logs.

    There are logs not only for YouTube, but also for YouTube_Video.Play, YouTube_Video.Access, and so on, as verified from the Application Name column.

    Traffic logs for YouTube