FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Sabk_FTNT
Staff
Staff
Article Id 192785

Description

For UDP and TCP traffic, the FortiGate traffic log fields 'Dst Port' and 'Src Port' are populated with source port and destination port associated to the protocol.

ICMP protocol does not have source and destination ports numbers, but the FortiGate traffic log still report a 'Dst Port' value.
 
This KB article explains, what does this value correspond to.


Fortigate-log.png


For ICMP traffic, the Dst_Port field is used to report ICMP type and code.

Wireshark trace.png

ICMP type and code, in decimal format on Dst Port field are interpreted in Service field.

Samples :
Decimal
Hexadecimal
Type
Code
Meaning
771
303
3
03
Destination unreachable
Port unreachable
778
30A
3
10
Destination unreachable
Communication with Destination Host is Administratively Prohibited
2048
800
8
00
Echo Request


ICMP type and code are defined in RFC 792.
 
RFC-code.png


Contributors