FortiGate log information : traffic log with firewall policy of 0 (zero) "policyid=0"
Article
Description FortiGate units create a firewall policy of 0 (zero) which can appear in the logs.
Components
  • All FortiGate units.
Steps or Commands

When viewing the FortiGate logs, you may find an entry indicating policyid="0". For example:

2008-10-06 00:13:49 log_id=0022013001 type=traffic subtype=violation pri=warning vd=root SN=179089 duration=0 user=N/A group=N/A rule=0 policyid=0 proto=17 service=137/udp app_type=N/A status=deny src=10.181.77.73 srcname=10.181.77.73 dst=10.128.1.161 dstname=10.128.1.161 src_int=N/A dst_int="Internal" sent=0 rcvd=0 src_port=137 dst_port=137 vpn=N/A tran_ip=0.0.0.0 tran_port=0

Any firewall policy that is automatically added by the FortiGate unit has a policy ID number of 0.

The following are the most commonly created by the FortiGate unit

  • The (IPsec) policy for FortiAnalyzer (and FortiManager v3.00) that is automatically added when an IPsec connection to the FortiAnalyzer unit (or FortiManager v 3.00) is enabled has a policy ID number of 0.
  • The policy to allow FortiGuard servers to be automatically added has a policy ID number of 0.
  • When loglocaldeny command is enabled (global setting), connection attempt to FortiGate IP addresses (as well as network broadcast¬† address since FortiOS¬† is listening on) not allowed will be dropped with violation and reported by policy ID0 (see sample log above)
  • When Network Zone is defined within a Vdom, intra-zone traffic being set to Allow or Block will be managed by a policy ID 0, if not previously being processed by a regular policy.
  • The (default) drop rule that is the last rule in the policy and that is automatically added has a policy ID number of 0.
  • ipmac binding is enabled on a specific interface. All IP entries not declared in the firewall ipmacbinding table will be rejected by policy ID 0. Refer to Related Articles section below for more information.
Related Articles
Troubleshooting Tip : debug flow messages "iprope_in_check() check failed, drop" - "Denied by forward policy check" - "reverse path check fail, drop"
Troubleshooting Tip : Message msg="HWaddr-xx:xx:xx:xx:xx:xx is in black list, drop" in a "diagnose debug flow" output
Last Modified Date: 05-31-2014 Document ID: 13900