What does the 'ses-denied-traffic' setting in Fortinet do?

The 'ses-denied-traffic' setting in Fortinet is designed to manage the logging behavior of denied sessions in a way that optimizes the device's performance. When this setting is enabled, it actively logs denied sessions, which can provide crucial information for network administrators without excessively burdening the CPU. By selectively logging only those sessions that are denied, it assists in monitoring and troubleshooting without being overwhelmed by excessive logging data, hence efficiently using system resources.

In terms of performance, reducing the logging of allowed sessions helps save CPU cycles, ensuring that the Fortinet device can devote more resources to processing legitimate traffic. This is particularly important in high-traffic environments, where logging all sessions, whether denied or allowed, could lead to unnecessary overhead and potential degradation of the device’s ability to handle current demands.

Other options suggest different functionalities that do not align with the purpose of the 'ses-denied-traffic' setting. For instance, allowing all traffic regardless of session or blocking traffic for a week doesn’t accurately reflect the operational objectives tied to session management. Similarly, increasing logging frequency for all sessions would defeat the purpose of optimizing performance by creating additional load on the system.