Sunday, April 8, 2018

FortiOS set logtraffic-start enable

In this blog, I will demo what happens if you enable "set logtraffic-start enable" on a firewall policy.

Here's the firewall policy in question.

In this simple log you will see messages with the "start" and "close" actions. They reflect the start and the closure of the session with sessionid 899, a curl from my host computer.

So at the conclusion of the session, the firewall logs the sent/recv details and the duration for the session. The start entry is logged when the session starts.

NOTE: Without logtraffic-start, the default behavior is to log when the session closes.
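Once both entries are logged, they can be paired on sessionid to list sessions that have started but not yet closed. The following is an added example, not part of the original post: the log lines are constructed in FortiOS key=value style (only sessionid 899 comes from the post), and `pair_sessions` is a hypothetical helper name.

```python
import re

# Constructed sample lines in FortiOS key=value traffic-log style (not from the post).
# Session 899 has a start and a close entry; session 900 has only a start entry.
SAMPLE_LOG = '''\
date=2018-04-08 time=10:15:01 type="traffic" subtype="forward" policyid=1 sessionid=899 srcip=192.0.2.10 dstip=198.51.100.20 dstport=80 action="start"
date=2018-04-08 time=10:15:02 type="traffic" subtype="forward" policyid=1 sessionid=900 srcip=192.0.2.10 dstip=198.51.100.30 dstport=443 action="start"
date=2018-04-08 time=10:15:04 type="traffic" subtype="forward" policyid=1 sessionid=899 srcip=192.0.2.10 dstip=198.51.100.20 dstport=80 action="close" duration=3 sentbyte=412 rcvdbyte=1893
'''

# key=value pairs; values are either double-quoted or a run of non-space characters
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Turn one key=value log line into a dict, dropping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV.findall(line)}


def pair_sessions(text):
    """Pair start entries with their final entry by sessionid.

    Returns (finished, still_open). Any action other than "start" is treated
    as the session's final record, which is an assumption of this example.
    """
    started, finished = {}, {}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec.get("type") != "traffic" or "sessionid" not in rec:
            continue
        sid = rec["sessionid"]
        if rec.get("action") == "start":
            started[sid] = rec
            continue
        begin = started.pop(sid, None)  # None when logtraffic-start was off
        finished[sid] = {
            "started_at": begin and f'{begin["date"]} {begin["time"]}',
            "ended_at": f'{rec["date"]} {rec["time"]}',
            "action": rec.get("action"),
            "duration": int(rec.get("duration", 0)),
            "sentbyte": int(rec.get("sentbyte", 0)),
            "rcvdbyte": int(rec.get("rcvdbyte", 0)),
        }
    return finished, started


if __name__ == "__main__":
    done, still_open = pair_sessions(SAMPLE_LOG)
    print("finished:", done)
    print("started but not closed:", sorted(still_open))
```

Without logtraffic-start, `still_open` would always be empty, because a session only appears in the log once it has closed.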

NSE (Network Security Expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
        /  \
