Ensure no category is set to "Allow" on FortiGate Application Control. Any category that is set as "Allow" on Application Control will not be logged. This creates a visibility gap on security investigation. This includes "Unknown Applications" category.
Solution
On GUI: 1. Go to "Security Profiles" > "Application Control". 2. Select the relevant App Control profile. 3. Change any categories with "Allow" action to "Monitor". Impact: Visibility gap, which affects incident forensics and response.