Skip to Content

Solved: How do I enable logging for one-arm filter traffic?

Problem Description

This article describes how to enable logging for one-arm filter traffic.

Scope

FortiGate.

Solution

Basically, with one-arm sniffer mode, it will examine, and log packets based on the configured IPS sensor and application control list.

So, if the UTM features are not enabled in one arm sniffer interface, it will not log anything in FortiGate or forward it to FortiAnalyzer/memory.

Enable the UTM features (IPS, Application Control) on the firewall policy.

Traffic sent to the interface is examined for matches to the configured IPS sensor and application control list and will be logged to FortiAnalyzer/memory.

# config firewall policy
edit 1
set srcintf "Port1"
set dstintf "Port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set application-list "default"
set ips-sensor "all_default"
set nat enable
next
end
    Ads Blocker Image Powered by Code Help Pro

    It looks like you are using an adblocker.

    Ads keep our content free. Please consider supporting us by allowing ads on pupuweb.com