Technical Explanation: FortiGate traffic logs show "destination port number" for an ICMP traffic
For UDP and TCP traffic, the FortiGate traffic log fields 'Dst Port' and 'Src Port' are populated with source port and destination port associated to the protocol.
ICMP protocol does not have source and destination ports numbers, but the FortiGate traffic log still report a 'Dst Port' value.
This KB article explains, what does this value correspond to.
For ICMP traffic, the Dst_Port field is used to report ICMP type and code.
ICMP type and code, in decimal format on Dst Port field are interpreted in Service field.
Communication with Destination Host is Administratively Prohibited
ICMP type and code are defined in RFC 792.
Last Modified Date: 10-09-2013 Document ID: FD34359