Hi,
One of my clients has SIP traffic passing through the firewall. When we view the forward logs, the firewall shows lots of logs with "0 Bytes sent/received". What does it mean?
Hi,
I am also seeing similar behavior on one of my customer's VM FortiGate:
date=2022-04-27 time=13:08:00 eventtime=1651045081133832550 tz="+0530" logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" srcip=182.176.150.29 srcport=3233 srcintf="port1" srcintfrole="wan" dstip=20.204.73.155 dstport=89 dstintf="port2" dstintfrole="lan" srccountry="Pakistan" dstcountry="India" sessionid=791062511 proto=6 action="timeout" policyid=16 policytype="policy" poluuid="98c25598-1ecd-51ec-a109-2bb75d201426" policyname="Tenant-Api2" service="tcp/89" trandisp="snat+dnat" tranip=10.1.20.13 tranport=80 transip=10.1.17.5 transport=5952 duration=10 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0 appcat="unscanned"
Hey pbangari,
in your case, the log is for a timeout:
action="timeout"
-> the session likely timed out because there was no further traffic
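An added example, not part of any post in this thread and not Fortinet code: one way to see which actions and policies account for the zero-byte entries is to parse the key=value log lines and count them. The first sample line is trimmed from the log posted above; the other lines, including the `Voice-Out` policy name, are constructed.

```python
import re
from collections import Counter

# key=value pairs; a value is either double-quoted or a bare token
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one FortiGate key=value log line into a dict of strings."""
    return {k: (q if b == "" else b) for k, q, b in _KV.findall(line)}

def zero_byte_sessions(lines):
    """Count forward-traffic logs with no bytes in either direction,
    grouped by (action, policyname, service)."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec.get("type") != "traffic" or rec.get("subtype") != "forward":
            continue
        if rec.get("sentbyte") == "0" and rec.get("rcvdbyte") == "0":
            key = (rec.get("action"), rec.get("policyname"), rec.get("service"))
            counts[key] += 1
    return counts

SAMPLE_LOGS = [
    # trimmed from the log line posted in the thread
    'date=2022-04-27 time=13:08:00 type="traffic" subtype="forward" '
    'srcip=182.176.150.29 dstip=20.204.73.155 dstport=89 proto=6 '
    'action="timeout" policyid=16 policyname="Tenant-Api2" service="tcp/89" '
    'duration=10 sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0',
    # constructed: second zero-byte timeout on the same policy
    'date=2022-04-27 time=13:08:05 type="traffic" subtype="forward" '
    'srcip=192.0.2.10 dstip=198.51.100.7 dstport=89 proto=6 '
    'action="timeout" policyname="Tenant-Api2" service="tcp/89" '
    'sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0',
    # constructed: a session that carried data, must not be counted
    'date=2022-04-27 time=13:09:11 type="traffic" subtype="forward" '
    'srcip=192.0.2.11 dstip=198.51.100.7 dstport=89 proto=6 '
    'action="close" policyname="Tenant-Api2" service="tcp/89" '
    'sentbyte=1240 rcvdbyte=5312 sentpkt=9 rcvdpkt=8',
    # constructed: zero-byte SIP entry under a hypothetical policy name
    'date=2022-04-27 time=13:10:02 type="traffic" subtype="forward" '
    'srcip=192.0.2.20 dstip=198.51.100.30 dstport=5060 proto=17 '
    'action="timeout" policyname="Voice-Out" service="SIP" '
    'sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0',
]

if __name__ == "__main__":
    for (action, policy, service), n in zero_byte_sessions(SAMPLE_LOGS).most_common():
        print(f"{n:3d}  action={action}  policy={policy}  service={service}")
```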
Thank you for the reply!
If this log was written when FortiGate received a new first packet, why are sentbyte=0 rcvdbyte=0 sentpkt=0 rcvdpkt=0?