FortiGate
Dongfang_Li_FTNT
Article Id 266930
Description

This article describes an issue where, when an administrator analyzes traffic, no UUID is seen in the traffic log.

Scope

FortiGate.
Solution

Occasionally, no UUID (the poluuid field) is seen in the traffic log even though the traffic is allowed by a forward traffic policy.


  1. If traffic crosses two interfaces and terminates at a device behind the FortiGate, the UUID is shown in the forward traffic log.

    Below is an example. It shows the UUID of policy 3.

date=2023-07-31 time=12:35:09 eventtime=1690832109350004072 tz="-0700" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=192.168.221.2 srcport=49679 srcintf="mgmt" srcintfrole="lan" dstip=192.168.198.2 dstport=22 dstintf="port2" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=7144 proto=6 action="server-rst" policyid=3 policytype="policy" poluuid="0c2ca970-2fd9-51ee-15ae-a5d0fffd8ffc" policyname="Test" service="SSH" trandisp="noop" duration=5 sentbyte=48 rcvdbyte=40 sentpkt=1 rcvdpkt=1 appcat="unscanned" 

  2. If traffic crosses two interfaces and terminates on the FortiGate outgoing interface itself, there is no UUID in the forward traffic log because the traffic matches the default local-in policy.

    Below is an example. Policy 3 is a forward traffic policy that allows the traffic, so the log shows policyid=3, but the policy type is local-in-policy and there is no UUID in the log.

date=2023-07-31 time=12:40:18 eventtime=1690832417920002185 tz="-0700" logid="0001000014" type="traffic" subtype="local" level="notice" vd="root" srcip=192.168.221.2 srcport=49681 srcintf="mgmt" srcintfrole="lan" dstip=192.168.198.1 dstport=22 dstintf="root" dstintfrole="undefined" srccountry="Reserved" dstcountry="Reserved" sessionid=7536 proto=6 action="close" policyid=3 policytype="local-in-policy" service="SSH" trandisp="noop" app="Console Management(SSH)" duration=121 sentbyte=1872 rcvdbyte=1339 sentpkt=13 rcvdpkt=10 appcat="unscanned"

There are two types of local-in policy. A customized local-in policy has a UUID; the default local-in policy does not. Use the CLI to check the default local-in policy:

diagnose firewall iprope list
The default local-in policy entries in that output carry no UUID, so a missing poluuid in a local-in-policy log entry is expected behaviour rather than a logging fault.
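When these logs are forwarded to a SIEM, an analyst or a correlation rule can otherwise misread the absent poluuid as a broken log source. The following script is an added example (not Fortinet's code) that parses FortiOS key=value log lines and classifies each entry according to the rule described in this article: a forward policy hit or a customized local-in policy carries a poluuid, the default local-in policy does not, and anything else that lacks a poluuid is worth a closer look. The two sample lines are abridged copies of the log entries quoted above; the regex parser is an assumption that covers the quoted and unquoted value forms seen in those samples.

```python
import re

# Abridged copies of the two log entries quoted in this article (constructed sample input).
SAMPLE_LOGS = [
    'date=2023-07-31 time=12:35:09 tz="-0700" logid="0000000013" type="traffic" '
    'subtype="forward" srcip=192.168.221.2 dstip=192.168.198.2 dstport=22 sessionid=7144 '
    'action="server-rst" policyid=3 policytype="policy" '
    'poluuid="0c2ca970-2fd9-51ee-15ae-a5d0fffd8ffc" policyname="Test" service="SSH"',
    'date=2023-07-31 time=12:40:18 tz="-0700" logid="0001000014" type="traffic" '
    'subtype="local" srcip=192.168.221.2 dstip=192.168.198.1 dstport=22 sessionid=7536 '
    'action="close" policyid=3 policytype="local-in-policy" service="SSH" '
    'app="Console Management(SSH)"',
]

# key=value where the value is either a double-quoted string (may contain spaces)
# or a bare token (IP address, number, etc.). Assumption: no escaped quotes inside values.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fortigate_log(line: str) -> dict:
    """Split one FortiOS log line into a dict of field name -> string value."""
    fields = {}
    for m in KV_RE.finditer(line):
        key, quoted, bare = m.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields


def classify_policy_uuid(rec: dict) -> str:
    """Apply the article's rule to one parsed record.

    forward-policy    : poluuid present, matched a forward (firewall) policy
    custom-local-in   : poluuid present, matched a customized local-in policy
    default-local-in  : no poluuid, matched the default local-in policy (expected)
    unexpected        : no poluuid on any other policy type -> investigate the log source
    """
    policytype = rec.get("policytype", "")
    has_uuid = bool(rec.get("poluuid"))
    if has_uuid:
        return "custom-local-in" if policytype == "local-in-policy" else "forward-policy"
    if policytype == "local-in-policy":
        return "default-local-in"
    return "unexpected"


def audit(lines: list) -> list:
    """Return (sessionid, policyid, policytype, poluuid-or-None, verdict) per log line."""
    result = []
    for line in lines:
        rec = parse_fortigate_log(line)
        result.append((
            rec.get("sessionid"),
            rec.get("policyid"),
            rec.get("policytype"),
            rec.get("poluuid"),
            classify_policy_uuid(rec),
        ))
    return result


if __name__ == "__main__":
    for sid, pid, ptype, uuid, verdict in audit(SAMPLE_LOGS):
        print(f"session={sid} policyid={pid} policytype={ptype} poluuid={uuid} -> {verdict}")
```

Only the "unexpected" verdict deserves a ticket; the "default-local-in" verdict is the situation this article describes, and a detection rule that alerts on every missing poluuid will fire on every session that terminates on a FortiGate interface IP.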