Sunday, April 8, 2018

FortiOS set logtraffic-start enable

In this post, I will demo what happens when you enable "set logtraffic-start enable" on a firewall policy.

Here's the firewall policy in question.



In this simple log you will see messages with the "start" and "close" actions. They reflect the start and the closure of sessionid 899, a curl ifconfig.co from my host computer.




So at the conclusion of the session, the firewall logs the sent/recv details and the duration for the session. The "start" message is logged when the session starts.


NOTE: without logtraffic-start, the default behavior is to log only when the session closes.
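
To show how the "start" and "close" messages can be used together, here is an added example (not part of the original post) that pairs them by sessionid and lists sessions that have started but not yet closed. The log lines are constructed samples in FortiOS key=value style, and the field names `duration`, `sentbyte` and `rcvdbyte` are assumptions, since the post's own log output is not reproduced here.

```python
import shlex

# Constructed sample lines (not the post's real log); addresses are documentation ranges.
# Field names duration/sentbyte/rcvdbyte are assumed, see the lead-in.
SAMPLE_LOG = '''\
date=2018-04-08 time=10:00:01 type="traffic" sessionid=899 srcip=192.0.2.10 dstip=198.51.100.7 dstport=80 action="start" policyid=1
date=2018-04-08 time=10:00:02 type="traffic" sessionid=900 srcip=192.0.2.10 dstip=198.51.100.9 dstport=22 action="start" policyid=1
date=2018-04-08 time=10:00:03 type="traffic" sessionid=899 srcip=192.0.2.10 dstip=198.51.100.7 dstport=80 action="close" policyid=1 duration=2 sentbyte=371 rcvdbyte=520
date=2018-04-08 time=10:00:09 type="traffic" sessionid=901 srcip=192.0.2.11 dstip=198.51.100.7 dstport=443 action="close" policyid=2 duration=5 sentbyte=900 rcvdbyte=4100
'''

def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields

def correlate(log_text):
    """Pair start/close records by sessionid: (closed, still_open, close_only)."""
    starts, closed, close_only = {}, {}, {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        sid, action = rec.get("sessionid"), rec.get("action")
        if action == "start" and sid:
            starts[sid] = rec
        elif action == "close" and sid:
            summary = {"duration": int(rec.get("duration", 0)),
                       "sent": int(rec.get("sentbyte", 0)),
                       "rcvd": int(rec.get("rcvdbyte", 0))}
            # A close with no earlier start is what a policy without logtraffic-start produces.
            if starts.pop(sid, None) is not None:
                closed[sid] = summary
            else:
                close_only[sid] = summary
    return closed, starts, close_only

if __name__ == "__main__":
    closed, still_open, close_only = correlate(SAMPLE_LOG)
    print("closed:", closed)
    print("still open:", sorted(still_open))
    print("close only:", close_only)
```

Sessions left in the still-open set are the ones that only become visible before they end because the start message is logged.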







NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
