ellenluo
Staff
Article Id 190490

Description
Problem:
UDP traffic with source port 0 is dropped by FortiGates using NP6 network processors.

For example:
1) FortiGate-1240B (NP4 platform) -- traffic is not dropped
2) FortiGate-1500D (NP6 platform) -- traffic is dropped


Scope
Any NP6-related platform -- for example, FortiGate-1500D, FortiGate-3700D

Solution

NP6-based platforms apply a stricter validation check. FortiGate considers any UDP traffic with source port 0 invalid.

Please contact your application vendor to ensure legitimate traffic does not use a source port of 0.



The following register is hard-coded on NP6 and causes UDP traffic with source port 0 to be dropped. There is no such register on NP4.

diagnose npu np6 register 0

udp_sp_zero_ena =00000001
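
To find which hosts send UDP with source port 0 before contacting the application vendor, a capture taken upstream of the FortiGate can be scanned offline. The script below is an added example, not Fortinet code; the function names are hypothetical, the sample packets are constructed with documentation addresses, and it assumes a classic pcap file with untagged Ethernet/IPv4 frames.

```python
import socket, struct
from collections import Counter

def udp_sport_zero_flows(pcap: bytes) -> Counter:
    """Count (src_ip, dst_ip, dst_port) of UDP packets whose source port is 0."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    flows, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not untagged IPv4; VLAN and IPv6 are out of scope here
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        frag = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if ip[9] != 17 or frag != 0 or ihl < 20 or len(ip) < ihl + 8:
            continue  # not UDP, or a later fragment that carries no UDP header
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if sport == 0:
            key = (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), dport)
            flows[key] += 1
    return flows

def _frame(src, dst, sport, dport, payload=b"x"):
    # Constructed test packet: Ethernet + IPv4 + UDP, checksums left at 0.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + udp

def build_sample_pcap() -> bytes:
    # Constructed capture: two packets with source port 0, one normal packet.
    frames = [_frame("192.0.2.10", "198.51.100.5", 0, 5060),
              _frame("192.0.2.10", "198.51.100.5", 0, 5060),
              _frame("192.0.2.20", "198.51.100.5", 40000, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (src, dst, dport), n in udp_sport_zero_flows(build_sample_pcap()).items():
        print(f"{src} -> {dst}:{dport}  packets with UDP source port 0: {n}")
```

Non-first IP fragments are skipped because they carry no UDP header, so the count reflects datagrams rather than fragments.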


