Thursday, December 6, 2012

Traffic Blocked by Policy ID 0

After upgrading to FortiOS 4.3 you may see an increase in the number of log entries which mention Policy ID 0. This is generally because extended traffic logging is enabled by default after the upgrade to 4.3, so traffic that was previously not logged now produces entries. Here are a couple of good knowledge base entries that have more info.

Technical Note : other-traffic is changed to extended-traffic-log in FortiOS 4.0MR3 and enabled by default
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD33208&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=40690597&stateId=0%200%2040692421

FortiGate log information : traffic log with firewall policy of 0 (zero) "policyid=0"
http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=13900&sliceId=1&docTypeID=DT_KCARTICLE_1_1&dialogID=40690572&stateId=0%200%2040692396
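To get a feel for how much of a log set the policyid=0 entries represent, and what kind of traffic they cover, it helps to parse the log into fields and group those entries before reading through the KB articles. The script below is an added example, not code from Fortinet or from this post: it parses FortiGate-style key=value log lines, counts entries per policy ID, and summarises the policyid=0 entries by action, service and destination interface. The log lines are constructed samples in the key=value syntax, not captured device output; the field names (policyid, status/action, service, dstintf) are the common traffic-log keys, and the script treats either status or action as the verdict field.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value traffic-log syntax.
# These are illustrative only, not output captured from a real unit.
SAMPLE_LOGS = [
    'date=2012-12-06 time=10:15:22 devname=FGT-EXAMPLE type=traffic subtype=forward '
    'vd=root srcip=192.168.1.10 srcport=51234 srcintf="internal" dstip=203.0.113.5 '
    'dstport=443 dstintf="wan1" status=deny policyid=0 service=HTTPS proto=6',
    'date=2012-12-06 time=10:15:23 devname=FGT-EXAMPLE type=traffic subtype=forward '
    'vd=root srcip=192.168.1.11 srcport=51235 srcintf="internal" dstip=203.0.113.6 '
    'dstport=443 dstintf="wan1" status=accept policyid=5 service=HTTPS proto=6',
    'date=2012-12-06 time=10:15:24 devname=FGT-EXAMPLE type=traffic subtype=forward '
    'vd=root srcip=192.168.1.12 srcport=40001 srcintf="internal" dstip=203.0.113.7 '
    'dstport=53 dstintf="wan1" status=deny policyid=0 service=DNS proto=17',
    'date=2012-12-06 time=10:15:25 devname=FGT-EXAMPLE type=traffic subtype=forward '
    'vd=root srcip=192.168.1.13 srcport=51236 srcintf="internal" dstip=203.0.113.8 '
    'dstport=443 dstintf="wan1" status=deny policyid=0 service=HTTPS proto=6',
    'date=2012-12-06 time=10:15:26 devname=FGT-EXAMPLE type=traffic subtype=forward '
    'vd=root srcip=192.168.1.14 srcport=51237 srcintf="internal" dstip=203.0.113.9 '
    'dstport=25 dstintf="wan1" status=accept policyid=7 service=SMTP proto=6',
]

# key=value pairs; values may be double-quoted (e.g. srcintf="internal").
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_log_line(line):
    """Split one key=value log line into a dict, stripping quotes from values."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def count_by_policy(lines):
    """Count log entries per policy ID so policyid=0 can be compared to the rest."""
    counts = Counter()
    for fields in (parse_log_line(line) for line in lines):
        counts[fields.get('policyid', 'unknown')] += 1
    return counts


def filter_policy_zero(lines):
    """Return the parsed entries whose policyid field is exactly 0."""
    return [fields for fields in (parse_log_line(line) for line in lines)
            if fields.get('policyid') == '0']


def summarize_policy_zero(lines):
    """Group policyid=0 entries by (verdict, service, destination interface).

    Older traffic logs carry the verdict in 'status', newer ones in 'action';
    both are accepted here. What policyid=0 means for a given entry is
    explained in the KB articles linked above; this only groups them for review.
    """
    summary = Counter()
    for fields in filter_policy_zero(lines):
        verdict = fields.get('status') or fields.get('action') or 'unknown'
        summary[(verdict, fields.get('service', '?'), fields.get('dstintf', '?'))] += 1
    return summary


if __name__ == '__main__':
    print('entries per policy ID:', dict(count_by_policy(SAMPLE_LOGS)))
    for (verdict, service, intf), n in summarize_policy_zero(SAMPLE_LOGS).most_common():
        print(f'policyid=0 {verdict:<7} {service:<6} via {intf}: {n}')
```

To run it against a real export, replace SAMPLE_LOGS with the lines read from the file; the per-policy counts show at a glance how much of the new volume is policyid=0, and the grouped summary shows whether it is a few services being denied repeatedly or a broad mix.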

2 comments:

  1. If I may suggest another solution:

    diagnose debug enable
    diagnose debug flow show console enable
    diagnose debug flow filter add [target or source ip address to look at]
    diagnose debug flow trace start 100

    You should see where the problem lies.

  2. great tip, thanks for sharing
