'Route id 0' means that the source IP address of the session is not matching a route in the routing table of the firewall.
The information below explains in which case MAC address of a session is 000000000000 and route id is 0 in session table with examples.
Topology
PC1 --------------------(NAT mode) Firewall -------------------- Router -------------------- Internet
.2 20.1.1.0/24 .1 .2 10.1.1.0/24 .1
Case 1 - Send packet to unknown host at 10.1.1.0/24 subnet
"hping 10.1.1.5 -S --rand-source" to unknown host 10.1.1.5 (it is not exist on 10.1.1.0/24 subnet)
Firewall-> get route
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 7 10.1.1.2/32 eth2/1 0.0.0.0 H 0 0 Root
* 9 20.1.1.1/32 eth2/2 0.0.0.0 H 0 0 Root
* 30 30.1.1.0/24 eth2/1 10.1.1.1 S 20 1 Root
* 8 20.1.1.0/24 eth2/2 0.0.0.0 C 0 0 Root
* 6 10.1.1.0/24 eth2/1 0.0.0.0 C 0 0 Root
Firewall-> get session
id 500039/s0*,vsys 0,flag 08200400/0000/0003,policy 1,time 1, dip 2 module 0
if 22(nspflag 0801):32.254.13.203/2669->10.1.1.5/0,6,000000000000,sess token 4,vlan 0,tun 0,vsd 0,route 0,wsf 0
if 21(nspflag 10000800):10.1.1.2/1739<-10.1.1.5/0,6,000000000000,sess token 6,vlan 0,tun 0,vsd 0,route 6,wsf 0
- For session wing1, the source IP address (32.254.13.203) is random and no reverse route for this on the route table, so router id is 0. If "set arp always-on-dest" is configured, the firewall do not cache the source MAC in the session table, so source MAC shows 000000000000
- For session wing2, the firewall is running as NAT mode, 10.1.1.2 is the destination IP address of 10.1.1.5 (unknown host), and from the firewall the reverse route for 10.1.1.5 is 10.1.1.0/24 (route id 6), but the firewall do not know the MAC address of 10.1.1.5, so source MAC of 10.1.1.5 is 000000000000
Case 2 - send packet to unknown host at 30.1.1.0/24 subnet
"hping 30.1.1.5 -S --rand-source" to unknown host 30.1.1.5. The next hop for 30.1.1.0/24 network is 10.1.1.1.
Firewall-> get route
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 7 10.1.1.2/32 eth2/1 0.0.0.0 H 0 0 Root
* 9 20.1.1.1/32 eth2/2 0.0.0.0 H 0 0 Root
* 30 30.1.1.0/24 eth2/1 10.1.1.1 S 20 1 Root
* 8 20.1.1.0/24 eth2/2 0.0.0.0 C 0 0 Root
* 6 10.1.1.0/24 eth2/1 0.0.0.0 C 0 0 Root
Firewall-> get session
id 500041/s0*,vsys 0,flag 08200400/0000/0003,policy 1,time 2, dip 2 module 0
if 22(nspflag 0801):163.160.143.148/1597->30.1.1.5/0,6,000000000000,sess token 4,vlan 0,tun 0,vsd 0,route 0,wsf 0
if 21(nspflag 10800800):10.1.1.2/1881<-30.1.1.5/0,6,001143eccf24,sess token 6,vlan 0,tun 0,vsd 0,route 30,wsf 0
- For session wing1, the source IP address (163.160.143.148) is random and no reverse route for this on the route table, so router id is 0. If "set arp always-on-dest" is configured, the firewall do not cache the source MAC in the session table, so source MAC shows 000000000000
- For session wing2, the firewall is running as NAT mode, 10.1.1.2 is the destination IP address of 30.1.1.5 (unknown host), and from the firewall the reverse route for 30.1.1.5 is 30.1.1.0/24 (route id 6), and the firewall know the MAC address of 30.1.1.5, it is from Router, so source mac is Router's MAC 001143eccf24.
- If the route for 30.1.1.0/24 is deleted, session wing2 will be changed, because there is no reverse route for 30.1.1.5, then the firewall use route id 0, also the firewall did not get the ARP reply when creating session wing 1. So it is 0 mac.
id 500039/s0*,vsys 0,flag 08200400/0000/0003,policy 1,time 2, dip 2 module 0
if 22(nspflag 0801):2.142.231.48/1631->30.1.1.5/0,6,000000000000,sess token 4,vlan 0,tun 0,vsd 0,route 0,wsf 0
if 21(nspflag 10004800):10.1.1.2/1912<-30.1.1.5/0,6,000000000000,sess token 6,vlan 0,tun 0,vsd 0,route 0,wsf 0
Case 3 - firewall has a default gateway
"hping 10.1.1.5 -S --rand-source" to unknown host 10.1.1.5 (it is not exist on 10.1.1.0/24 subnet)
Firewall-> get route
--------------------------------------------------------------------------------
ID IP-Prefix Interface Gateway P Pref Mtr Vsys
--------------------------------------------------------------------------------
* 31 0.0.0.0/0 eth2/2 20.1.1.2 S 20 1 Root
* 7 10.1.1.2/32 eth2/1 0.0.0.0 H 0 0 Root
* 9 20.1.1.1/32 eth2/2 0.0.0.0 H 0 0 Root
* 8 20.1.1.0/24 eth2/2 0.0.0.0 C 0 0 Root
* 6 10.1.1.0/24 eth2/1 0.0.0.0 C 0 0 Root
id 500039/s0*,vsys 0,flag 08200400/0000/0003,policy 1,time 2, dip 2 module 0
if 22(nspflag 800801):79.181.84.42/2505->10.1.1.5/0,6,0015177ad236,sess token 4,vlan 0,tun 0,vsd 0,route 31,wsf 0
if 21(nspflag 10000800):10.1.1.2/1938<-10.1.1.5/0,6,000000000000,sess token 6,vlan 0,tun 0,vsd 0,route 6,wsf 0
- For session wing1, the source IP address (79.181.84.42) is random and there is a reverse route for this on the route table (route id 31), If "set arp always-on-dest" is not configured, the firewall cache the source MAC in the session table, so source MAC shows 0015177ad236 of PC1.
- For session wing2, the firewall is running as NAT mode, 10.1.1.2 is the destination IP address of 10.1.1.5 (unknown host), and from the firewall the reverse route for 10.1.1.5 is 10.1.1.0/24 (route id 6), but the firewall do not know the MAC address of 10.1.1.5, so source mac is 0.