I had a hard time figuring out how to search for things in the logs that were being denied. To see the denied traffic, do the following
Make sure the Implicit Deny Policy has logging enabled
Go into Log & Report –> Local Traffic –> and choose either memory or Fortianalyzer Cloud
Action==deny and any other variables you might know. Either the source IP address or the port number you’re looking for.
