Summary

FortiGate may fail to record traffic destined to Fortinet-owned IP addresses, i.e. traffic destined to the following subnets: 188.8.131.52/20, 184.108.40.206/20.

As an example, traffic generated by FortiClient/FortiClient EMS via the FortiGate in order to request updates from the FortiGuard distributed servers may not be logged under Logs > forward traffic logs.
FortiGate versions 6.0.11 and below.
FortiGate versions 6.2.5 and below.
This issue is triggered ONLY when fabric/fortiheartbeat/endpoint-compliance is enabled at the interface level.
Please upgrade to FortiGate version 6.4.0 or above.

Workaround:

For FortiGate versions 6.2.5 and below, please disable Fabric/Fortiheartbeat on all interfaces and reboot the FortiGate.

    config system interface
        edit <interface_name>
            set fortiheartbeat disable
        next
    end

or

    config system interface
        edit <interface_name>
            set allowaccess ping https http ssh fabric -----------> remove fabric
        next
    end

For FortiGate versions 6.0.11 and below, disable endpoint-compliance on all interfaces and reboot the FortiGate.

    config system interface
        edit <interface_name>
            set endpoint-compliance disable
        next
    end
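To find which interfaces meet the trigger condition before applying the workaround, a saved configuration backup can be scanned offline. The following is an added example, not Fortinet code: the function name and the sample configuration are constructed for illustration, and it assumes a plain-text backup in which explicitly set values appear as `set` lines under `config system interface`.

```python
# Constructed sample in FortiOS config-backup layout (not from a real device).
SAMPLE_CONFIG = """\
config system global
    set hostname "FGT-LAB"
end
config system interface
    edit "port1"
        set allowaccess ping https ssh fabric
    next
    edit "port2"
        set allowaccess ping
        set fortiheartbeat enable
    next
    edit "port3"
        config ipv6
            set ip6-allowaccess ping
        end
    next
end
"""

# Per-interface settings the advisory names as the trigger condition.
TRIGGERS = {"fortiheartbeat": "enable", "endpoint-compliance": "enable"}

def find_trigger_interfaces(config_text):
    """Return {interface: [reasons]} for interfaces that have a trigger enabled."""
    findings, in_section, depth, iface = {}, False, 0, None
    for raw in config_text.splitlines():
        tokens = raw.split() or [""]        # blank lines match no branch below
        if not in_section:
            in_section = tokens == ["config", "system", "interface"]
        elif tokens[0] == "config":
            depth += 1                      # nested block such as "config ipv6"
        elif tokens[0] == "end":
            if depth == 0:
                break                       # end of "config system interface"
            depth -= 1
        elif depth == 0 and tokens[0] == "edit" and len(tokens) > 1:
            iface = tokens[1].strip('"')
        elif depth == 0 and iface and tokens[0] == "set" and len(tokens) > 2:
            key, values = tokens[1], tokens[2:]
            if TRIGGERS.get(key) == values[0]:
                findings.setdefault(iface, []).append(f"{key} {values[0]}")
            elif key == "allowaccess" and "fabric" in values:
                findings.setdefault(iface, []).append("allowaccess includes fabric")
    return findings

if __name__ == "__main__":
    for name, reasons in find_trigger_interfaces(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(reasons)}")
```

An empty result means no interface in the backup explicitly enables one of the three settings; values left at their defaults do not appear in a backup and are not evaluated.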