FMC does not log HTTP/HTTPS Connection Events

rezaalikhani · ‎07-21-2025

Hi everybody;

My lab consists one FMCv with version 7.4.2.3 and one FTDv in Routed mode with version 7.4.2.3. I have created an Access Control Rule with the following conditions:

I have also configured the logging operation as follows:

Now when a user with IP address 192.168.10.10 tries to open a web site published on a Windows Server behind FTDv, FMC does not log any Connection Events. Every other network access to the server is logged correctly and successfully.

Any ideas?

Thanks

MHM Cisco World · ‎07-21-2025

Use packet tracer feature of fmc

Check if traffic hit the correct ACL or not

MHM

rezaalikhani · ‎07-21-2025

Thanks. Using the Packet Tracer functionality, it matches the correct ACL.

MHM Cisco World · ‎07-21-2025

Points to check

1- trust don't have log function, change action to allow (permit)

2- some traffic need to config with log at beginning

MHM

Marvin Rhoads · ‎07-21-2025

Good points @MHM Cisco World .

@rezaalikhani also note that "log at end of connection" only triggers for a Permit rule where the connection closes gracefully with a TCP FIN

rezaalikhani · ‎07-21-2025

@Marvin Rhoads @MHM Cisco World So, the Trust action does not trigger a log even if I have selected the "Log at end of connection" option in the Logging session?

MHM Cisco World · ‎07-21-2025

Yes

MHM

rezaalikhani · ‎07-21-2025

@MHM Cisco World The funny thing is that, if you use Packet Tracer, it generates an event, even if you select Trust action. Any ideas?

Thanks

MHM Cisco World · ‎07-21-2025

How you config packet tracer?

Are you use correct interface as ingress interface

Are you use real Ip or map ip (if you use NAT)

MHM

rezaalikhani · ‎07-22-2025

MHM Cisco World · ‎07-22-2025

I see ingress interface is different between two packet tracer?

MHM