flamer
New Contributor II

Zero data sent and received.. on udp??

So using fmg logs and faz, they both show me the same results. For some TCP sessions we can see the number of packets sent and received is 0, along with data transferred 0. This makes sense: the TCP handshake probably doesn't complete (or does complete, then reject) and no further transactions happen, therefore we have a session with zero bytes transferred. All good.

But for UDP, the packet is just transmitted. Now, regardless of whether it makes it to the receiver or not, how can it possibly be 0 bytes sent and received and 0 packets sent and received? I see this on both fmg and faz for some traffic.

1 Solution
srajeswaran

When you enable "set logtraffic-start enable" under the policy config, the system generates a log as soon as the session is created, and this log doesn't have any data/packet details. These logs show packets "0". There will be another log generated when the session is closed, or after 2 minutes if the session is active for more than 2 minutes, with the current packet details/counts.

In the image below, both entries are for the same session: the first one was generated at the beginning with "0" packets and the second one was generated after the session was closed, with the data/packet count.

packet-count.png

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.


8 REPLIES 8
Jean-Philippe_P
Moderator

Hello flamer,

I found this document:

https://community.fortinet.com/t5/FortiAnalyzer/Troubleshooting-Tip-FortiGate-to-FortiAnalyzer-conne...

Could you please tell me if it helped?

If not, we will find another solution to reply to your answer.

Thanks,

Jean-Philippe - Fortinet Community Team
flamer

Hello no that was not related at all sorry.

Jean-Philippe_P

Hello flamer,

We are still looking for an answer to your question.

We will come back to you ASAP.

Thanks,

Jean-Philippe - Fortinet Community Team
Jean-Philippe_P
Moderator

Hello Flamer,

I have got an answer from one of our engineers.

He said that you need to check your network, mtu/mss or also in the settings of the fgt to have them send with reliable/not reliable connection.

It is better to open a ticket from our TAC team, it is very hard to give an answer to this type of question without deep troubleshooting.

Kindest regards,

Jean-Philippe - Fortinet Community Team
srajeswaran
Staff

Can you confirm if these are for traffic hitting the default deny policy (Policy ID 0), or if the logs show action as accept and a valid non-zero policy?
For TCP as well, even the 3 way handshake packets are counted into the data exchanged using the session.

Can you share one of such logs?

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

flamer
New Contributor II

Hello, yes the traffic is being accepted by policy.

Screenshot taken -

snmp.png

 

srajeswaran

When you enable "set logtraffic-start enable" under the policy config, the system generates a log as soon as the session is created, and this log doesn't have any data/packet details. These logs show packets "0". There will be another log generated when the session is closed, or after 2 minutes if the session is active for more than 2 minutes, with the current packet details/counts.

In the image below, both entries are for the same session: the first one was generated at the beginning with "0" packets and the second one was generated after the session was closed, with the data/packet count.

packet-count.png

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
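
One way to keep the zero-counter session-start logs described in the answer above from skewing traffic analysis is to group log lines by session and take the counters from the later log. This is an added example, not code from the thread or from Fortinet; the field names (`sessionid`, `sentpkt`, `rcvdpkt`, `sentbyte`, `rcvdbyte`) are assumptions and the sample log lines are constructed.

```python
import shlex
from collections import defaultdict

# Assumed counter field names in key=value traffic logs.
COUNTERS = ("sentpkt", "rcvdpkt", "sentbyte", "rcvdbyte")

# Constructed sample lines (not from the thread). Session 7001 has a
# zero-counter log at creation and a later log with counts; session 7002
# has only the zero-counter log so far.
SAMPLE_LOGS = """\
time=10:00:01 sessionid=7001 proto=17 dstport=161 service="SNMP" sentpkt=0 rcvdpkt=0 sentbyte=0 rcvdbyte=0
time=10:00:02 sessionid=7002 proto=17 dstport=161 service="SNMP" sentpkt=0 rcvdpkt=0 sentbyte=0 rcvdbyte=0
time=10:03:05 sessionid=7001 proto=17 dstport=161 service="SNMP" sentpkt=4 rcvdpkt=4 sentbyte=312 rcvdbyte=340
"""


def parse_line(line):
    """Split one key=value log line into a dict; quoted values are unquoted."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def is_zero(rec):
    """True when every packet and byte counter in the record is 0 or absent."""
    return all(int(rec.get(c, 0)) == 0 for c in COUNTERS)


def summarize_sessions(text):
    """Return {sessionid: (status, totals)} for a block of log lines.

    status is "start+counted" (zero-counter log followed by a log with
    counts), "counted" (only logs with counts), or "zero-only" (no log
    with counts seen yet, so the zeros must not be read as final).
    """
    sessions = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            rec = parse_line(line)
            sessions[rec["sessionid"]].append(rec)

    summary = {}
    for sid, recs in sessions.items():
        counted = [r for r in recs if not is_zero(r)]
        if not counted:
            summary[sid] = ("zero-only", None)
            continue
        last = counted[-1]  # the latest log with counts supersedes earlier ones
        totals = {c: int(last.get(c, 0)) for c in COUNTERS}
        status = "start+counted" if len(counted) < len(recs) else "counted"
        summary[sid] = (status, totals)
    return summary
```

A "zero-only" result means no later log has arrived for that session in the input, so its counters should be treated as not yet known.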

flamer
New Contributor II

Thank you, yes that seems to explain it!
