Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Not applicable

Created on ‎03-23-2009 07:17 AM Edited on ‎10-21-2025 12:58 AM By Moderator

Article Id 195043

Technical Tip: FortiGate log information: traffic log with firewall policy of 0 (zero) 'policyid=0'

 

Description This article describes in which situations the FortiGate will log a firewall policy of 0 (zero) in traffic logs.
Scope FortiGate.
Solution

When viewing the FortiGate logs, you may find an entry indicating policyid="0". For example:

 

2008-10-06 00:13:49 log_id=0022013001 type=traffic subtype=violation pri=warning vd=root SN=179089 duration=0 user=N/A group=N/A rule=0 policyid=0 proto=17 service=137/udp app_type=N/A status=deny src=10.181.77.73 srcname=10.181.77.73 dst=10.128.1.161 dstname=10.128.1.161 src_int=N/A dst_int="Internal" sent=0 rcvd=0 src_port=137 dst_port=137 vpn=N/A tran_ip=0.0.0.0 tran_port=0

 

Any firewall policy that is automatically added by the FortiGate unit has a policy ID number of 0.

 

The following are the most commonly created by the FortiGate unit:

  • The (IPsec) policy for FortiAnalyzer (and FortiManager v3.00) that is automatically added when an IPsec connection to the FortiAnalyzer unit (or FortiManager v3.00) is enabled has a policy ID number of 0.
  • The policy to allow FortiGuard servers to be automatically added has a policy ID number of 0.
  • When the loglocaldeny command is enabled (global setting), connection attempts to FortiGate IP addresses (as well as network broadcast address since FortiOS  is listening on) not allowed will be dropped with violation and reported by policy ID0 (see sample log above).
  • When Network Zone is defined within a Vdom, intra-zone traffic being set to Allow or Block will be managed by a policy ID 0, if not previously processed by a regular policy.
  • The (default) drop rule that is the last in the policy and that is automatically added has a policy ID number of 0.

  • IPmac binding is enabled on a specific interface. All IP entries not declared in the firewall IPmacbinding table will be rejected by policy ID 0. Refer to the Related Articles section below for more information.

  • For locally-sourced traffic by FortiGate, for example, load-balancing health monitors towards Real-Servers behind FortiGate:

FortiGate IP: 10.1.1.10.

Real Server IP: 172.16.33.33.

 

"state=00004204 tuple-num=2 policyid=0
dir=0 act=0 hook=3 10.1.1.10:22608->172.16.33.33:8080(0.0.0.0:0)
dir=1 act=0 hook=1 172.16.33.33:8080->10.1.1.10:22608(0.0.0.0:0)"

 

Related articles:

Troubleshooting Tip : Message msg="HWaddr-xx:xx:xx:xx:xx:xx is in black list, drop" in a "diagnose d...

Troubleshooting Tip : debug flow messages "iprope_in_check() check failed, drop" - "Denied by forwar...

 

Labels:
27061
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.