I know, of course, that this is NetBIOS communication used in file and printer sharing in Windows. However, I don't really know how to identify its source on a given host. On some hosts it is present and on others it is not.
2. Sometimes there is also blocked network traffic on FG, visible in the logs as UDP/0, e.g.:
You've answered it yourself pretty much. It is NetBIOS broadcast traffic being denied by the FortiGate's local-in policy. It is totally benign. If you don't want it disable it on your hosts.
As for the dstport=0 that is odd. How often do you see that one? Might be worth doing a packet capture on the host to get some more details? You should be able to glean something from the payload possibly.
1. NetBIOS communication on UDP ports 137 and 138 is used for file and printer sharing in Windows. To identify its source on a given host, take a Wireshark packet capture for the network traffic on those ports. Look for packets with a NetBIOS header, which contains information about the source and destination hosts, as well as the type of NetBIOS service being requested. You can use this information to trace the source of the NetBIOS traffic on your network.
2. UDP traffic on port 0 is often used as a placeholder when the port number is not known or not relevant. In the case of your Fortigate logs, the "udp/0" traffic is likely just background noise or chatter on your network, and is being blocked by the firewall as a precautionary measure. Unless you notice any specific issues or anomalies on your network, this traffic can be ignored. As informed by @gfleming it is better to take a packet capture on the host to get more details.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.