That would just about wreck the logs/SIEM server if that was the case, though, so pros and cons for sure.
In this case I noticed this while setting up a proof of concept for a SIEM solution (the Fortinet one). Oftentimes this is a good way to find custom ports or protocols that may have been overlooked as part of the implementation process and could have been causing your users heartache. This is true for any traffic allowed through your firewall and out to the internet, but it is even more true when it comes to denied traffic. A Firewall Policy with action = DENY is, however, needed when it is required to log the denied traffic, also called "violation traffic".
0515255 was my bug report. See related articles for more information about Firewall Policies. By default, this

In my experience, only in special cases is one interested in seeing denied traffic, mostly while troubleshooting.

It's as if there is no implicit deny for these local-in policies or something. Does Policy ID 0 represent the "implicit rule" of the firewall? I'm not seeing how these IP addresses could try to authenticate when I specified a small group of public IP addresses that are allowed.

Hey everyone, hoping you can clarify something for me. ... On our production 500E FortiGate with 6.0.10 firmware in HA there are plenty of FW rules which have 0 hit counts and 0 bytes shown.