Wednesday, August 27, 2014

Silence of the Local Broadcasts

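When setting up a new FortiGate, you tend to receive a lot of logs for traffic destined to 255.255.255.255 (aka the global broadcast address) or x.x.x.255 (your local subnet broadcast address). To reduce the clutter and have the firewall drop these broadcasts silently, disable local-traffic logging on each log destination you use. The local-traffic setting covers all traffic addressed to the FortiGate itself, not only broadcasts, so those entries stop being logged as well.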

FortiAnalyzer:
config log fortianalyzer filter
    set local-traffic disable
end

Log Disk:
config log disk filter
    set local-traffic disable
end

Memory:
config log memory filter
    set local-traffic disable
end

Syslog:
config log syslogd filter
    set local-traffic disable
end
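
To check how much of the local traffic log is actually broadcast noise before turning it off, the following added example (not part of the original post) classifies local-traffic entries by destination. The sample log lines are constructed in FortiGate's key=value style, and the 192.168.1.0/24 subnet and the function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value log style (not real logs).
SAMPLE_LOGS = [
    'date=2014-08-27 time=09:00:01 type="traffic" subtype="local" srcip=192.168.1.20 dstip=255.255.255.255 dstport=67 action="deny"',
    'date=2014-08-27 time=09:00:02 type="traffic" subtype="local" srcip=192.168.1.31 dstip=192.168.1.255 dstport=137 action="deny"',
    'date=2014-08-27 time=09:00:03 type="traffic" subtype="local" srcip=192.168.1.31 dstip=192.168.1.255 dstport=138 action="deny"',
    'date=2014-08-27 time=09:00:04 type="traffic" subtype="local" srcip=203.0.113.7 dstip=192.168.1.1 dstport=22 action="deny"',
    'date=2014-08-27 time=09:00:05 type="traffic" subtype="forward" srcip=192.168.1.20 dstip=198.51.100.9 dstport=443 action="accept"',
]

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split a key=value log line into a dict, stripping quotes from values."""
    return {k: v.strip('"') for k, v in FIELD_RE.findall(line)}

def classify_local_traffic(lines, local_subnets):
    """Count local-traffic entries as broadcast or other; return the others too."""
    broadcasts = {ipaddress.ip_address("255.255.255.255")}
    broadcasts |= {ipaddress.ip_network(n).broadcast_address for n in local_subnets}
    counts, other = Counter(), []
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("subtype") != "local":
            continue  # only local traffic entries are affected by the filter
        try:
            dst = ipaddress.ip_address(rec.get("dstip", ""))
        except ValueError:
            counts["unparsed"] += 1
            continue
        if dst in broadcasts:
            counts["broadcast"] += 1
        else:
            counts["other"] += 1
            other.append(rec)  # entries that would also disappear from the log
    return counts, other

if __name__ == "__main__":
    counts, other = classify_local_traffic(SAMPLE_LOGS, ["192.168.1.0/24"])
    print(dict(counts))
    for rec in other:
        print("would no longer be logged:", rec["srcip"], "->", rec["dstip"], rec["dstport"])
```

Entries reported as "other" are non-broadcast connections to the firewall itself that the same setting would also stop logging.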