FortiGate fails to log traffic for Fortinet owned IP address range


FortiGate may fail to record traffic destined to Fortinet-owned IP addresses, i.e. traffic destined to the following subnets:

As an example, traffic generated by FortiClient/FortiClient EMS through the FortiGate to request updates from the FortiGuard distribution servers may not be logged under Logs > Forward Traffic logs. The connections themselves are still forwarded; only the forward-traffic log entries are missing, so the gap shows up as absent log records rather than as blocked traffic.

Affected Products

FortiGate versions 6.0.11 and below.
FortiGate versions 6.2.5 and below.

This issue is triggered ONLY when fabric, fortiheartbeat or endpoint-compliance is enabled at the interface level.


Solutions

Please upgrade to FortiGate version 6.4.0 or above.

Workaround:

For FortiGate versions 6.2.5 and below, disable Fabric/FortiHeartBeat on all interfaces and reboot the FortiGate (repeat the edit block for every interface; <interface-name> is the interface being edited):

    config system interface
        edit <interface-name>
            set fortiheartbeat disable
        next
    end

or remove fabric from the interface's allowaccess list, keeping the other entries (the example below shows an interface whose list was "ping https http ssh fabric"):

    config system interface
        edit <interface-name>
            set allowaccess ping https http ssh
        next
    end

For FortiGate versions 6.0.11 and below, disable endpoint-compliance on all interfaces and reboot the FortiGate:

    config system interface
        edit <interface-name>
            set endpoint-compliance disable
        next
    end
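To find out whether an existing deployment is exposed before upgrading, an administrator can audit a configuration backup for the trigger condition (fabric in allowaccess, fortiheartbeat enable, or endpoint-compliance enable on any interface) and generate the corresponding workaround CLI. The following Python is an added example, not Fortinet's code and not part of this advisory; the sample backup, interface names and output layout are constructed for illustration, and the `unset allowaccess` fallback relies on the standard FortiOS `unset` verb.

```python
"""Audit a FortiGate config backup for interfaces on which the logging-gap
trigger from the advisory is enabled, and emit the workaround CLI.

Assumptions (example code, not from the advisory): the backup uses the
standard 'config system interface' CLI text form; the sample below is
constructed and does not come from any real device.
"""

import re

# Constructed sample: a trimmed 'config system interface' section in the
# shape of a FortiGate config backup, followed by an unrelated section.
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set vdom "root"
        set ip 192.0.2.1 255.255.255.0
        set allowaccess ping https ssh fabric
        set type physical
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "port2"
        set vdom "root"
        set allowaccess ping https ssh
        set fortiheartbeat enable
    next
    edit "port3"
        set vdom "root"
        set allowaccess ping https
        set endpoint-compliance enable
    next
    edit "port4"
        set vdom "root"
        set allowaccess ping https ssh http
    next
end
config firewall policy
    edit 1
        set srcintf "port2"
        set dstintf "port1"
    next
end
"""


def parse_interfaces(config_text):
    """Return {interface_name: {setting: [values]}} for the top-level
    settings of each 'edit' block in 'config system interface'.
    Nested sub-blocks (e.g. 'config ipv6 ... end') are skipped."""
    interfaces = {}
    in_section = False
    depth = 0
    current = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not in_section:
            if line == "config system interface":
                in_section = True
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1          # entering a nested sub-block
            continue
        if line == "end":
            depth -= 1
            if depth == 0:      # end of 'config system interface'
                break
            continue
        if depth != 1:
            continue            # ignore settings inside sub-blocks
        m = re.match(r'^edit\s+"?([^"]+)"?$', line)
        if m:
            current = m.group(1)
            interfaces[current] = {}
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            parts = line.split()
            # parts[1] is the setting name; the rest are its values
            interfaces[current][parts[1]] = [p.strip('"') for p in parts[2:]]
    return interfaces


def find_trigger_interfaces(config_text):
    """List (interface, reason) pairs for every interface on which one of
    the advisory's trigger settings is enabled."""
    findings = []
    for name, settings in parse_interfaces(config_text).items():
        if "fabric" in settings.get("allowaccess", []):
            findings.append((name, "allowaccess includes fabric"))
        if settings.get("fortiheartbeat") == ["enable"]:
            findings.append((name, "fortiheartbeat enable"))
        if settings.get("endpoint-compliance") == ["enable"]:
            findings.append((name, "endpoint-compliance enable"))
    return findings


def remediation_cli(config_text):
    """Build the 'config system interface' CLI that removes the trigger
    settings from every flagged interface (the advisory's workaround; the
    FortiGate still has to be rebooted afterwards)."""
    lines = ["config system interface"]
    for name, settings in parse_interfaces(config_text).items():
        cmds = []
        access = settings.get("allowaccess", [])
        if "fabric" in access:
            kept = [a for a in access if a != "fabric"]
            cmds.append("set allowaccess " + " ".join(kept) if kept
                        else "unset allowaccess")
        if settings.get("fortiheartbeat") == ["enable"]:
            cmds.append("set fortiheartbeat disable")
        if settings.get("endpoint-compliance") == ["enable"]:
            cmds.append("set endpoint-compliance disable")
        if cmds:
            lines.append('    edit "%s"' % name)
            lines.extend("        " + c for c in cmds)
            lines.append("    next")
    lines.append("end")
    return "\n".join(lines)


if __name__ == "__main__":
    for iface, reason in find_trigger_interfaces(SAMPLE_CONFIG):
        print("%s: %s" % (iface, reason))
    print(remediation_cli(SAMPLE_CONFIG))
```

Run it against a real backup by reading the file into `config_text` instead of `SAMPLE_CONFIG`; interfaces that are not flagged are left untouched by the generated CLI, and the reboot the advisory calls for is still required after applying it.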


Acknowledgement

Fortinet is pleased to thank Michael Weinstein from NetTects LLC for reporting this vulnerability under responsible disclosure.