We set up Webfilters in a Fortigate. We see certain packets dropped due to the violation of a web filter policy. The strange thing is it seems to me there is no way of seeing in the logs what the reason is why that packet is dropped. I would expect to see: connection is dropped because the connection is considered to connect to a website in the category of “known malicious”. Am I overlooking this or is a Fortigate not showing this information in the local logs?

4 Spice ups

Do you have logging enabled for the webfilter? I’m a little rusty on my FGT, but my recollection is that you would need to enable the logging for that function. My guess is that it is likely disabled; the CPU load involved is probably significant.

1 Spice up

I believe you have to enable logging for the web filter.

Check out Link

Thanks for answering. But that is not really what we are looking for. The problem is we see a deny based on a blocked web category, but there are connections that we believe should not be blocked, and it seems to me there is no way to have an insight into why Fortigate thinks it needs to be blocked. I find that surprising and even shocking.

Do other people with Fortigate see the reason why Fortigate thinks it should be blocked in the packet log? I do see what the rule was that caused the blocking, but I expect to see extra info as well somewhere.