Created on 03-24-2005 12:00 AM
Description | The Check Point VPN tunnel is not going through to the FortiGate unit. |
Components |
|
Steps or Commands | A sniffer trace on the external interface of the FortiGate unit shows the following:
Note that the Length value is 84. The correct value is 92. Eight bytes of the UDP header are missing. Because of this, the checksum is not performed. The trace shows that the returned UDP packets from the Check Point firewall (20.20.20.20) have a miscalculated UDP length. The UDP length value is missing the 8 bytes of the UDP header, and there is also no UDP checksum value. Due to this Check Point problem, the FortiGate unit drops the malformed packets and does not forward them to the internal interface. Therefore the Check Point VPN tunnel is not going through the FortiGate unit. |
Solution | Contact Checkpoint. This issue can be solved with NGX R60 from Checkpoint. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.