Hot!FGT60E 5.4.1 not showing forward traffic logs and forticloud issue

Author
Paul S
Gold Member
  • Total Posts : 158
  • Scores: 6
  • Reward points: 0
  • Joined: 2011/05/02 16:49:52
  • Status: offline
2016/08/22 19:55:33 (permalink)
0

FGT60E 5.4.1 not showing forward traffic logs and forticloud issue

using standalone FG60E v5.4.1, logging to memory and forticloud (if I can get it working).
 
forward traffic logs are blank. I tried UTM events, all session and web profile "log-all-urls". log still blank.
 
also the forticloud test account button does not work and the account box is blank, but cannot be changed.

FG200D 5.2.10 (HA) - primary
FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
FAZ-VM 5.4.2  |  Fortimail 5.3.8
Network+, Security+
#1

16 Replies Related Threads

    awasfi_FTNT
    Bronze Member
    • Total Posts : 55
    • Scores: 10
    • Reward points: 0
    • Joined: 2015/04/09 06:22:18
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/08/23 05:36:12 (permalink)
    0
    Hello,
     
    Check the following:
    config  log  memory filter
    get                               <<-- list all options
    Make sure forward-traffic logs enabled. If not then:
    set forward-traffic enable
    end
     
    The same for FortiCloud:
    config  log  fortiguard filter
    set forward-traffic enable
    end
     
    Enable "Log Allowed Traffic" and select "All Sessions" on the firewall policy.
     
    Make sure you display logs from the correct location(GUI):
    "Log & Report >> Log Settings >> GUI Preferences >> Memory/FortiCloud"
     
    FortiCloud you need to register the account first before using it (It's different than the account used for support portal). Under "Dashboard >> License Information" locate FortiCloud and register it then it should be available.
     
    Regards,
     
    #2
    Paul S
    Gold Member
    • Total Posts : 158
    • Scores: 6
    • Reward points: 0
    • Joined: 2011/05/02 16:49:52
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/08/23 12:08:49 (permalink)
    0
    I will do this. I like the CLI, but many of my colleagues do not.
     
    Is there a way in the GUI to do this?

    FG200D 5.2.10 (HA) - primary
    FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
    FAZ-VM 5.4.2  |  Fortimail 5.3.8
    Network+, Security+
    #3
    awasfi_FTNT
    Bronze Member
    • Total Posts : 55
    • Scores: 10
    • Reward points: 0
    • Joined: 2015/04/09 06:22:18
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/08/23 23:14:15 (permalink)
    0
    Hello,
     
    Not every option available from CLI, however forward-traffic should be enabled by default.
    It looks like the issue is the GUI location where you displaying the logs from.
     
    Regards,
    #4
    Jaywant
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2013/10/27 22:24:49
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/10/05 06:54:48 (permalink)
    0
    Hello All,
     
    I am also facing same issue but on FG60D and FG80C both has v5.4.1
    Though policies got All traffic monitor and Log settings also has set forward-raffic enable
    No logs under forward traffic logs.
     
    It simply shows "No matching entries found." Though nothing has been filtered out...
     
    Thanks
     
     
    #5
    fl0at0xff
    Bronze Member
    • Total Posts : 32
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/08/23 00:13:56
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/10/20 22:33:03 (permalink)
    0
    Hello. I have the same problem (or a similar one) with Fortigate 60D / E 5.4.1 and with FortiWifi 60E. I just have lan and WAN connected, one policy to allow LAN to WAN all traffic with Log All Session enable. My devices connected to LAN interfaces are able to surf on the internet (policy and default route created). This policy rules log all sessions. In the log settings, I log all that I want on the memory and I display log from memory. But when I want to see log, I just see Deny: IP Connection Error.

    I can't see allowed trafic and other potential deny. This is very strange because these log entries match my unique policy "LAN to WAN".
    #6
    emnoc
    Expert Member
    • Total Posts : 4898
    • Scores: 300
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: online
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2016/10/21 04:26:47 (permalink)
    0
    This might help, beneficial for forticloud diagnostics
     
     
    http://socpuppet.blogspot.com/2014/07/how-to-diagnostic-forticloud-issues-52ga.html
     

    PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
    #7
    Justfly
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/05/01 06:12:09
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/05 10:23:28 (permalink)
    0
    Hi everybody,
     
    I have the same issue (no log entry for forward traffic) as user  fl0at0xff .
    We use a FortiWifi 60E (firmware 5.4.3)
     
    Is there any solution for this problem?
     
    Thanks a lot,
    Justfly
    #8
    boneyard
    Silver Member
    • Total Posts : 92
    • Scores: 4
    • Reward points: 0
    • Joined: 2014/07/30 11:15:18
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/08 05:32:37 (permalink)
    0
    Justfly can you please start a new thread? there are already three totally different situations in this one and yours is different also, just because it is now about version 5.4.3.
     
    so new thread and show related configuration (policies, log settings, ...), what you are exactly looking at (fortianalyzer, forticloud, fortigate, ..?) screenshot of what you do see.
     
     
    #9
    ikovac
    New Member
    • Total Posts : 9
    • Scores: 2
    • Reward points: 0
    • Joined: 2013/10/07 00:34:43
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/09 02:04:49 (permalink)
    0
    I have the same thing on FWF60C FortiOS ver 5.2.10. I guess FortiCloud service is not working properly. Here is what I have tried: https://forum.fortinet.com/FindPost/144556
     
    For me it stopped working on 08.01.2017 at 18:05 CET
     
    This is the result of the diag test that is not good: 
     
    diag test application forticldd 3
    Debug zone info:
        Home log server: 0.0.0.0:0
        Alt log server: 0.0.0.0:0
        Active Server IP:      0.0.0.0
        Active Server status:  unknown
     
    Do you have the same result if you try this diag test?
    post edited by ikovac - 2017/01/09 02:06:41
    #10
    Justfly
    New Member
    • Total Posts : 2
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/05/01 06:12:09
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2017/01/13 11:10:19 (permalink)
    0
    Hi,
    I had the same problem.
    Use the following commands to show allowed traffic in memory log.
     
    config log memory filter
    set severity information
    end
     
    Regards,
    Justfly
     
    #11
    jeskudero
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/11 06:18:12
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/11 06:27:57 (permalink)
    0
    Hello
     
    I dont know if this post is closed but i put my doubt here.
     
    I have similar issue than the others. I can´t see the forward traffic that is going trouhgt the fortigate (60E) in the GUI, but i have configured the syslogd to send the logs to an ELK server and i can see them getting rigth.
    Here some information about the config:
     
    FGT60E (global) # config log syslogd setting
    FGT60E (setting) # get
    status              : enable
    server              : 192.168.X.X
    reliable            : disable
    port                : 5514
    csv                 : disable
    facility            : local7
    source-ip           :


     
    FGT60E (global) # config log syslogd filter
    FGT60E (filter) # get
    severity            : information
    forward-traffic     : enable
    local-traffic       : enable
    multicast-traffic   : enable
    sniffer-traffic     : enable
    anomaly             : enable
    voip                : enable
    filter              :
    filter-type         : include



    The only thing i see is DNS message errors. like in this other post (https://forum.fortinet.com/tm.aspx?m=157361&high=forward+traffic+log)
     
    post edited by jeskudero - 2018/04/11 07:38:11
    #12
    boneyard
    Silver Member
    • Total Posts : 92
    • Scores: 4
    • Reward points: 0
    • Joined: 2014/07/30 11:15:18
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/14 01:33:30 (permalink)
    0
    @jeskudero see the post above you, what are the settings for the memory logging?
    #13
    jeskudero
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/11 06:18:12
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/15 23:25:04 (permalink)
    0
    I dont have those settings. I have this one:
     
    FGT60E (global) # config log memory global-setting
    FGT60E (global-setting) # get
    max-size            : 65536
    full-first-warning-threshold: 75
    full-second-warning-threshold: 90
    full-final-warning-threshold: 95


    I have vdom-admin enable, it could be the reason?
    Thanks
    #14
    boneyard
    Silver Member
    • Total Posts : 92
    • Scores: 4
    • Reward points: 0
    • Joined: 2014/07/30 11:15:18
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/04/28 04:30:57 (permalink)
    0
    it could be, but then you have those other settings in the vdom (i.e. root) settings, did you check there?
    #15
    jeskudero
    New Member
    • Total Posts : 5
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/11 06:18:12
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/05/01 23:36:06 (permalink)
    0
    Yes, thats the thing
    I cuold change the "config log memory filter" in the target vdom and now it works
     
    Thanks
    #16
    NapaCab
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/12/13 18:26:04
    • Status: offline
    Re: FGT60E 5.4.1 not showing forward traffic logs and forticloud issue 2018/05/11 09:50:00 (permalink)
    0
    The D & E models that do not have local storage, have logging limitations.  Unfortunately Fortinet doesn't seem to document this, but ran into this doing a POC on a FG200E and couldn't for the life of me figure out why logging wasn't working, and then remembered that it had no local storage, only option was logging to memory (or off-box).  Swapped it for a FG201E and the on-box logging all worked as expected.

    It would be great if Fortinet would write a blurb about this in their docs and save people a lot of wasted time trying to get logging functionality to work on their D and E series boxes that do not have local storage. 
     
    You can confirm whether or not your FG has local storage or not by looking at the Product Matrix:  https://www.fortinet.com/content/dam/fortinet/assets/data-sheets/Fortinet_Product_Matrix.pdf
     
    Notice the 30E, 50E, 60D and 60E all lack local storage (the 51E has 32GB and the 61E have 128GB):
     
    Model               FG/FWF-30E      FG/FWF-50E      FG-60D      FG/FWF-60E
    Local Storage     —                    32 GB (51E)      —              128 GB (61E)
    #17
    Jump to:
    © 2018 APG vNext Commercial Version 5.5