Some sessions show zero bytes in both the WebUI and the CLI.
Viewing the session details via the CLI reveals the following:
source: 0.0.0.0 [boe-trust]
sport: 0 dport: 6081
state: ACTIVE type: PRED
src user: unknown
dst user: unknown
source: 22.214.171.124 [boe-untrust]
sport: 6081 dport: 0
state: OPENING type: PRED
start time : Wed Sep 19 12:02:15 2012
timeout : 60 sec
time to live : 10 sec
total byte count(c2s) : 0
total byte count(s2c) : 0
layer7 packet count(c2s) : 0
layer7 packet count(s2c) : 0
vsys : vsys5
application : undecided
application db : 0
session to be logged at end : False
session in session ager : True
session synced from HA peer : False
address/port translation : source + destination
nat-rule : global-nat(vsys5)
prediction triggered by : server
prediction matched once : False
The sessions listed above in the CLI output are "Predict" sessions (type: PRED). It is normal, expected behavior for predict sessions to show zero bytes.
A predict session is opened in advance for traffic that is expected to reach the firewall later, matching the 6-tuple listed in the predict session.
Once traffic matches that predict session, the predict session turns into an active flow, which is a "real" session. Until then, zero bytes is normal and expected.
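
When triaging zero-byte sessions in bulk, the check described above can be scripted. The following is an added example, not vendor code: it parses session detail text in the layout shown above and separates predict sessions that are still waiting for traffic from other zero-byte sessions. The sample text, the function names and the verdict labels are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout of the CLI output above (documentation-range address).
PREDICT_SAMPLE = """\
source: 0.0.0.0 [boe-trust]
sport: 0 dport: 6081
state: ACTIVE type: PRED
source: 192.0.2.10 [boe-untrust]
sport: 6081 dport: 0
state: OPENING type: PRED
timeout : 60 sec
total byte count(c2s) : 0
total byte count(s2c) : 0
application : undecided
prediction matched once : False
"""

# Constructed contrast case: an ordinary flow that also shows no bytes.
FLOW_SAMPLE = (PREDICT_SAMPLE.replace("type: PRED", "type: FLOW")
               .replace("prediction matched once : False\n", ""))

def parse_session(text):
    """Pull out the fields that distinguish a predict session from a real flow."""
    counts = {d: int(n) for d, n in
              re.findall(r"total byte count\((c2s|s2c)\)\s*:\s*(\d+)", text)}
    matched = re.search(r"prediction matched once\s*:\s*(\w+)", text)
    return {
        "types": re.findall(r"\btype:\s*(\w+)", text),    # one entry per direction
        "states": re.findall(r"\bstate:\s*(\w+)", text),
        "bytes": counts.get("c2s", 0) + counts.get("s2c", 0),
        "matched": bool(matched) and matched.group(1) == "True",
    }

def classify(text):
    """Return a triage label (labels are this example's own, not firewall output)."""
    s = parse_session(text)
    if s["bytes"] > 0:
        return "traffic-seen"
    if s["types"] and all(t == "PRED" for t in s["types"]):
        # Zero bytes is expected until traffic matches the predicted tuple.
        return "predict-waiting"
    # Not a predict session, so the explanation on this page does not cover it.
    return "zero-byte-flow"

if __name__ == "__main__":
    for name, sample in (("predict", PREDICT_SAMPLE), ("flow", FLOW_SAMPLE)):
        print(name, parse_session(sample), "->", classify(sample))
```
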