I have a rule to allow network traffic between a host and a subnet as below (I have changed the addresses to protect the innocent):
set service "snmp-udp" protocol udp src-port 161-161 dst-port 161-161
set service "snmp-tcp" protocol tcp src-port 161-161 dst-port 161-161
set address "Trust" "host_192.168.115.254" 192.168.115.254 255.255.255.255
set address "PCN-Zone" "BU_Modular_Admin_Net" 10.10.116.0 255.255.252.0
set policy id 26 name "17122008" from "Trust" to "PCN-Zone" "host_192.168.115.254" "BU_Modular_Admin_Net" "snmp-tcp" permit log
set policy id 26
set service "snmp-udp"
exit
The traffic does not pass and the firewall log says that the traffic was dropped as below (the columns don't align, but you will note that the traffic should match the rule):
Log ID Time Received Alert User Flag Src Addr Dst Addr Action Protocol Dst Port Rule # Nat Src Addr Nat Dst Addr Details Category Subcategory Severity Device Comment
20090417/448129 17/04/2009 15:29 No Alert Unflagged host_192.168.115.254 10.10.116.6 Pckt Dropped UDP 161 41 Traffic Traffic Log Info bufw1
There are no rules with a "Deny" action that come before this permit rule. The two devices can ping each other (there is a permit rule allowing any devices in any zone to ping through the firewall in question) so there is definitely a route.
Are there any other reasons why this traffic might be getting dropped?
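As an added example, not from the post or from ScreenOS itself: a small Python matcher over the posted service and address objects that checks a flow against policy 26 the way a custom ScreenOS service is evaluated, requiring both the src-port and the dst-port range to cover the packet. It assumes the SNMP request leaves the host with an ephemeral source port (the dropped log entry does not show one), which a service defined with src-port 161-161 would not cover.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed copy of the service and address objects quoted in the post.
CONFIG = """
set service "snmp-udp" protocol udp src-port 161-161 dst-port 161-161
set service "snmp-tcp" protocol tcp src-port 161-161 dst-port 161-161
set address "Trust" "host_192.168.115.254" 192.168.115.254 255.255.255.255
set address "PCN-Zone" "BU_Modular_Admin_Net" 10.10.116.0 255.255.252.0
"""
# Policy 26 after the "set policy id 26 / set service snmp-udp" edit: both services attached.
POLICY = {"src": "host_192.168.115.254", "dst": "BU_Modular_Admin_Net",
          "services": ("snmp-tcp", "snmp-udp")}

SERVICE_RE = re.compile(r'set service "([^"]+)" protocol (\w+) '
                        r'src-port (\d+)-(\d+) dst-port (\d+)-(\d+)')
ADDRESS_RE = re.compile(r'set address "[^"]+" "([^"]+)" (\S+) (\S+)')

def parse_config(text):
    """Parse only the two statement types used above; not a general ScreenOS parser."""
    services, addresses = {}, {}
    for line in text.splitlines():
        if m := SERVICE_RE.match(line):
            name, proto, s1, s2, d1, d2 = m.groups()
            services[name] = (proto, range(int(s1), int(s2) + 1), range(int(d1), int(d2) + 1))
        elif m := ADDRESS_RE.match(line):
            name, addr, mask = m.groups()
            addresses[name] = ip_network(f"{addr}/{mask}", strict=False)
    return services, addresses

def policy_matches(services, addresses, policy, src_ip, dst_ip, proto, sport, dport):
    """True if the flow is covered by the policy's address objects and any attached service.
    A custom service matches only when BOTH its src-port and dst-port ranges cover the packet."""
    if ip_address(src_ip) not in addresses[policy["src"]]:
        return False
    if ip_address(dst_ip) not in addresses[policy["dst"]]:
        return False
    return any(p == proto and sport in srange and dport in drange
               for p, srange, drange in (services[n] for n in policy["services"]))

SERVICES, ADDRESSES = parse_config(CONFIG)

def check(proto, sport, dport):
    """Evaluate the flow from the dropped log entry (192.168.115.254 -> 10.10.116.6)."""
    return policy_matches(SERVICES, ADDRESSES, POLICY,
                          "192.168.115.254", "10.10.116.6", proto, sport, dport)

if __name__ == "__main__":
    print("src-port 161   ->", check("udp", 161, 161))    # True: inside 161-161
    print("src-port 54321 ->", check("udp", 54321, 161))  # False: ephemeral port not covered
```

Capturing the real source port (a debug flow session or a packet capture on the Trust side) is the quickest way to confirm or rule this out.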