Thursday, December 6, 2012

Traffic Blocked by Policy ID 0

After upgrading to FortiOS 4.3 (4.0 MR3) you may see many more log entries that mention Policy ID 0. Policy ID 0 is not a policy you configured: a traffic log entry with policyid=0 records a session that matched no firewall policy and was therefore dropped by the implicit deny, or traffic handled by the FortiGate itself rather than by a policy. The increase is generally not new traffic. The upgrade renames the old "other-traffic" log option to "extended-traffic-log" and enables it by default, so this traffic is now logged where it was previously silent. The two knowledge base entries below have more detail.

Technical Note : other-traffic is changed to extended-traffic-log in FortiOS 4.0MR3 and enabled by default
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33208&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=40690597&stateId=0%200%2040692421

FortiGate log information : traffic log with firewall policy of 0 (zero) "policyid=0"
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=13900&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=40690572&stateId=0%200%2040692396
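Once the extended traffic log is on, the useful question is whether the policyid=0 volume is benign noise (internal broadcasts and management chatter hitting the implicit deny) or something worth a look (an outside host being denied against several ports). The script below is an added example, not code from this post or from Fortinet: it parses the key=value layout FortiOS writes for traffic logs, keeps only policyid=0 entries, summarizes them, and flags sources denied against several distinct destination ports. The sample log lines are constructed for the example, and the field names used (policyid, status, src, dst, dst_port, proto, src_int) follow the FortiOS layout but may differ slightly between releases, so check them against your own output.

```python
"""Triage FortiGate traffic-log entries that carry policyid=0.

Added example; not code from the original post or from Fortinet. Assumes
the key=value syslog layout FortiOS uses for traffic logs. Field names are
an assumption and may vary between FortiOS releases.
"""
import re
from collections import Counter, defaultdict

# Constructed sample log lines (illustrative only, not captured from a real unit).
SAMPLE_LOGS = """\
date=2012-12-06 time=09:01:10 type=traffic status=deny policyid=0 src=10.0.1.25 src_port=51244 src_int="internal" dst=10.0.1.1 dst_port=161 dst_int="root" proto=17 service=snmp
date=2012-12-06 time=09:01:12 type=traffic status=deny policyid=0 src=10.0.1.31 src_port=137 src_int="internal" dst=10.0.1.255 dst_port=137 dst_int="internal" proto=17 service=netbios-ns
date=2012-12-06 time=09:01:12 type=traffic status=deny policyid=0 src=10.0.1.31 src_port=138 src_int="internal" dst=10.0.1.255 dst_port=138 dst_int="internal" proto=17 service=netbios-dgm
date=2012-12-06 time=09:01:15 type=traffic status=accept policyid=1 src=10.0.1.40 src_port=50012 src_int="internal" dst=93.184.216.34 dst_port=80 dst_int="wan1" proto=6 service=http
date=2012-12-06 time=09:02:01 type=traffic status=deny policyid=0 src=198.51.100.77 src_port=40001 src_int="wan1" dst=203.0.113.10 dst_port=22 dst_int="wan1" proto=6 service=ssh
date=2012-12-06 time=09:02:02 type=traffic status=deny policyid=0 src=198.51.100.77 src_port=40002 src_int="wan1" dst=203.0.113.10 dst_port=23 dst_int="wan1" proto=6 service=telnet
date=2012-12-06 time=09:02:03 type=traffic status=deny policyid=0 src=198.51.100.77 src_port=40003 src_int="wan1" dst=203.0.113.10 dst_port=3389 dst_int="wan1" proto=6 service=rdp
date=2012-12-06 time=09:02:30 type=traffic status=accept policyid=0 src=10.0.1.25 src_int="internal" dst=10.0.1.1 dst_int="root" proto=1 service=ping
"""

# key=value pairs; values may be double-quoted (interface names usually are).
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one key=value log line into a dict, stripping quotes from values."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def policy_zero_entries(log_text):
    """Return parsed entries whose policyid is 0 (no configured policy matched)."""
    parsed = (parse_line(line) for line in log_text.splitlines() if line.strip())
    return [entry for entry in parsed if entry.get("policyid") == "0"]


def summarize(entries):
    """Count entries by (status, ingress interface, protocol, destination port).

    Entries without a dst_port (e.g. ICMP) are keyed with "-" so they still count.
    """
    return Counter(
        (e.get("status", "?"), e.get("src_int", "?"), e.get("proto", "?"), e.get("dst_port", "-"))
        for e in entries
    )


def probing_sources(entries, min_ports=3):
    """Sources denied against at least min_ports distinct destination ports.

    Internal broadcast noise normally touches one or two ports per source; a
    host walking several ports against the implicit deny is the case to review.
    """
    ports_by_src = defaultdict(set)
    for e in entries:
        if e.get("status") == "deny" and "dst_port" in e and "src" in e:
            ports_by_src[e["src"]].add(e["dst_port"])
    return {
        src: sorted(ports, key=int)
        for src, ports in ports_by_src.items()
        if len(ports) >= min_ports
    }


if __name__ == "__main__":
    zero = policy_zero_entries(SAMPLE_LOGS)
    print(f"{len(zero)} policyid=0 entries")
    for key, count in summarize(zero).most_common():
        print(f"  {count:3d}  status={key[0]} src_int={key[1]} proto={key[2]} dst_port={key[3]}")
    for src, ports in probing_sources(zero).items():
        print(f"review: {src} denied against ports {', '.join(ports)}")
```

Run it against a syslog export instead of SAMPLE_LOGS to get the same breakdown for your own unit; raising or lowering min_ports tunes how aggressive the probing flag is.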

2 comments:

David said...

If I may suggest another solution:

diagnose debug enable
diagnose debug flow show console enable
diagnose debug flow filter addr [target or source ip address to look at]
diagnose debug flow trace start 100

You should see where the problem lies.

Anonymous said...

great tip, thanks for sharing