Technical Tip: FortiGate showing 0 sent packets/bytes for HTTPS Virtual Server

When a Virtual Server of type 'HTTPS' is used, it can be observed that traffic logs in FortiGate or in FortiAnalyzer show 0 Sent Packets/Bytes for the Virtual Server IP. However, for the Virtual Server of Type 'SSL', the traffic logs show both Send/Receive bytes normally.

This behavior is by design and aligns with how HTTP/2 multiplexing is handled by FortiGate.

HTTPS virtual servers parse HTTP traffic (including HTTP/2), so the client port may not be reused, causing the counters to show 0 bytes in the sent direction. SSL virtual servers handle only the TCP/SSL layer without parsing HTTP, so the client port is reused, and the counters display normally.

To verify real traffic is flowing:

• Use diagnose sys session list | grep <vip-ip-or-port> to check active sessions.
• Monitor real server stats under the virtual server (GUI: Policy & Objects -> Virtual Servers -> Monitor real servers).
• Check backend server logs or use packet captures (diagnose sniffer packet any 'host <client-ip> and port 443' 4 0 l) to confirm traffic.