Description
After upgrading to 4.2.2, an increase in packet drops due to L3/L4 anomalies may be seen in SPPs other than SPP-0.
Scope
Starting from FortiDDoS v4.2.2
Solution
By design, from release 4.0.0, the following anomalies were reported in SPP-0 no matter which subnet policy/SPP they occurred in:
- Layer 3 checksum errors
- Layer 3 Anomalies
- Layer 4 (TCP/UDP/ICMP) checksum errors
From 4.2.2, anomalies that allow us to determine the destination IP will be reported in the matching SPP. For this reason an increase may be seen in the anomalies graph and logs for some of the SPPs after an upgrade to 4.2.2 or later.
Some anomalies, such as invalid IP versions, invalid header length, less than 20 bytes of IPv4/IPv6 data, and less than 20 bytes of total data, will still be reported in SPP-0.
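The following added example (not Fortinet code, and not how FortiDDoS is implemented) models the attribution rule for IPv4: an anomaly can only be charged to a matching SPP once the header is sound enough to read the destination address. The subnet table, SPP numbers, function names and the fallback of unmatched destinations to SPP-0 are assumptions made for illustration.

```python
import ipaddress
import struct

# Constructed subnet-to-SPP table; real policies come from the appliance config.
SPP_SUBNETS = {ipaddress.ip_network("192.0.2.0/24"): 1,
               ipaddress.ip_network("198.51.100.0/24"): 2}

def checksum(header: bytes) -> int:
    """RFC 1071 checksum; returns 0 when run over a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def spp_for(dst: bytes) -> int:
    """Map a destination address to its SPP; unmatched traffic is assumed to use SPP-0."""
    addr = ipaddress.ip_address(dst)
    return next((spp for net, spp in SPP_SUBNETS.items() if addr in net), 0)

def classify(packet: bytes):
    """Return (anomaly or None, SPP number) for a raw IPv4 packet."""
    if len(packet) < 20:
        return "less than 20 bytes of data", 0
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:  # this sketch models IPv4 only
        return "invalid IP version", 0
    if ihl < 5 or ihl * 4 > len(packet):
        return "invalid header length", 0
    # From here the fixed header layout holds, so bytes 16-19 are the destination.
    spp = spp_for(packet[16:20])
    if checksum(packet[:ihl * 4]) != 0:
        return "Layer 3 checksum error", spp
    return None, spp

def build_ipv4(dst: str, good_checksum: bool = True) -> bytes:
    """Construct a 20-byte sample header (test data, not captured traffic)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                      ipaddress.ip_address("203.0.113.9").packed,
                      ipaddress.ip_address(dst).packed)
    csum = checksum(hdr) if good_checksum else 0xBEEF
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]
```

When comparing graphs from before and after the upgrade, checksum drops that now appear under a specific SPP correspond to drops that were previously counted under SPP-0.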