Local-In Policy Query

2020/05/21 06:09:12 (permalink) 6.2

Hi all,
We are operating a pair of 100D Hardware Appliances (v6.2.3 build 1066 GA), running HA in an Active/Passive configuration.
I recently had cause to allow access on certain ports to the WAN interface of our appliances and I accomplished this using the Local-In Policy.
The action set for this rule was 'accept' and I'm wondering where I might view logs of this rule to verify it is working. Looking at the Local Traffic Log, the only 'accepts' I can see are Fortinet (Update Announcements).
Any suggestions would be much appreciated.
Best regards,
John P

    Dave Hall
    Re: Local-In Policy Query 2020/05/21 09:14:57 (permalink)
    In the GUI, under Feature Visibility, enable "Local In Policy" (allows Local in policies to show up under Policy & Objects).

    For actual logging, in the CLI, set one or more options under:

    config log setting
        set local-in-allow {enable | disable}   Enable/disable local-in-allow logging.
        set local-in-deny-unicast {enable | disable}   Enable/disable local-in-deny-unicast logging.
        set local-in-deny-broadcast {enable | disable}   Enable/disable local-in-deny-broadcast logging.
        set local-out {enable | disable}   Enable/disable local-out logging.

    Don't have access to a fgt with this feature enabled, though I assume a local in log will be recorded somewhere, either under logging or showing up under FortiView.  Someone may want to chime in here to confirm/clarify.


    NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
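
An added example, not part of the original thread or of Fortinet's tooling: once `local-in-allow` logging is enabled, exported Local Traffic log lines can be checked offline to confirm that the opened ports are producing accepts. The sample lines are constructed, and the interface name `wan1` and the ports 8443 and 23 are assumptions.

```python
import shlex
from collections import Counter

# Constructed sample lines in FortiOS key=value log format (not real traffic).
# The last line is deliberately truncated to show the malformed-line case.
SAMPLE_LOG = '''\
date=2020-05-21 time=06:01:10 type="traffic" subtype="local" srcip=198.51.100.7 srcintf="wan1" dstport=8443 action="accept" policyid=1
date=2020-05-21 time=06:01:12 type="traffic" subtype="local" srcip=198.51.100.9 srcintf="wan1" dstport=23 action="deny" policyid=0
date=2020-05-21 time=06:02:30 type="traffic" subtype="forward" srcip=10.0.0.5 srcintf="lan" dstport=8443 action="accept" policyid=12
date=2020-05-21 time=06:03:05 type="traffic" subtype="local" srcip=198.51.100.7 srcintf="wan1" dstport=8443 action="accept" policyid=1
date=2020-05-21 time=06:04:00 type="traffic" subtype="local" srcip=192.0.2.200 srcintf="wan1" dstport=541 action="accept" policyid=0
date=2020-05-21 time=06:05:00 type="traffic" subtype="local" srcintf="wan1
'''


def parse_line(line):
    """Return the line's fields as a dict, or None if it cannot be parsed."""
    try:
        tokens = shlex.split(line)  # strips the quotes around values
    except ValueError:  # unbalanced quote in a truncated line
        return None
    return dict(t.split("=", 1) for t in tokens if "=" in t)


def local_in_hits(log_text, interface, ports):
    """Count local (to-the-box) traffic entries per (dstport, action)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        # Keep only traffic addressed to the appliance itself.
        if not rec or rec.get("type") != "traffic" or rec.get("subtype") != "local":
            continue
        if rec.get("srcintf") != interface or rec.get("dstport") not in ports:
            continue
        hits[(rec["dstport"], rec.get("action", "?"))] += 1
    return hits


if __name__ == "__main__":
    # Ports are compared as strings because log values are parsed as text.
    for (port, action), n in sorted(local_in_hits(SAMPLE_LOG, "wan1", {"8443", "23"}).items()):
        print(f"port {port}: {n} x {action}")
```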