Technical Tip: IPv6 deny log ID 0001000014 was recorded even though IPV6 is not enabled
| Description | This article describes that when a deny log with logid '0001000014' is triggered with IPv6 traffic, even though IPv6 is not enabled in the FortiGate.
For example:
 |
| Scope | FortiGate. |
| Solution | This is the expected behavior if the 'implicit' deny log is enabled as described in the KB article below: Technical Tip: Implicit deny logs
In the example above, the FortiGate receives regular IPv6 multicast packets with destination MAC ff02::fb. If deny log is enabled (fwpolicy-implicit-log enable) and logging of denied broadcast/multicast traffic is enabled (local-in-deny-broadcast), such denied IPv6 multicast will be recorded in the 'Local Traffic' log.
config log setting set fwpolicy-implicit-log enable set local-in-allow enable set local-in-deny-unicast enable set local-in-deny-broadcast enable end
If such deny logs for IPv6 multicast traffic are not preferred to be recorded, there can be two solutions.
config log setting set local-in-deny-broadcast disable
For example: Configure a 'free-style' log filter to exclude sending of logs with the field 'policytype' being' local-in-policy6'(deny traffic matching the local-in IPv6 policy).
config log fortianalyzer filter config free-style edit 1 set category traffic set filter "policytype local-in-policy6" set filter-type exclude next end
date=2025-07-18 time=10:41:58 eventtime=1752806518298563869 tz="+0800" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" srcip=fe80::5775:7bbb:1aaa:3a8f srcport=5353 srcintf="port10" srcintfrole="undefined" dstip=ff02::fb dstport=5353 dstintf="unknown-0" dstintfrole="undefined" replysrcintf="root" sessionid=2341 proto=17 action="deny" policyid=0 policytype="local-in-policy6" service="udp/5353" trandisp="noop" app="udp/5353" duration=0 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 msg="Connection Failed"
Related article: Technical Tip: Configuring advanced syslog free-style filters |