jstan
Staff
Article Id 240634
Description

This article explains the meaning of the error 'offloading-check failed, reason_code=3' as it appears in debug flow.

Scope

Any version of FortiOS.
Solution

Sometimes, the debug flow displays the following error:

id=20085 trace_id=4 func=nipsec_set_ipsec_sa_enc line=1002 msg="IPSec encrypt SA (p1/p2/spi={phase1/phase2/0xbc3596b6}) offloading-check failed, reason_code=3.

This error occurs because the NPU does not support the encryption algorithm used in the phase 2 configuration, so the SA fails the offloading check.

To fix this issue, choose a new encryption algorithm. Refer to the FortiGate cookbook for a list of which encryption algorithms support NPU offloading:

Encryption algorithms v6.2.10.
Encryption algorithms v7.4.0.
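
To list every tunnel that hits this error in a saved debug flow capture, the following added example (not Fortinet's code and not part of the original article) parses lines of the form shown above and groups them by phase 1/phase 2 name. The function name, the second tunnel's names and the extra SPIs in the sample are constructed; only reason code 3 is interpreted, since it is the only code this article explains.

```python
import re
from collections import defaultdict

# Matches the debug-flow line quoted in this article. Nothing is required
# after the reason code because the article's sample has no closing quote.
OFFLOAD_FAIL = re.compile(
    r'func=\S+\s+line=\d+\s+msg="IPSec encrypt SA '
    r'\(p1/p2/spi=\{(?P<p1>[^/}]*)/(?P<p2>[^/}]*)/(?P<spi>0x[0-9a-fA-F]+)\}\)'
    r'\s+offloading-check failed, reason_code=(?P<reason>\d+)'
)

# Only reason code 3 is explained by the article.
KNOWN_REASONS = {3: "phase 2 encryption algorithm not supported by the NPU"}

def find_offload_failures(text):
    """Return one summary per (phase1, phase2, reason_code) found in text."""
    seen = defaultdict(lambda: {"count": 0, "spis": set()})
    for line in text.splitlines():
        m = OFFLOAD_FAIL.search(line)
        if not m:
            continue  # unrelated debug-flow line
        key = (m["p1"], m["p2"], int(m["reason"]))
        seen[key]["count"] += 1
        seen[key]["spis"].add(m["spi"].lower())
    return [
        {"phase1": p1, "phase2": p2, "reason_code": rc,
         "meaning": KNOWN_REASONS.get(rc, "not covered by this article"),
         "count": v["count"], "spis": sorted(v["spis"])}
        for (p1, p2, rc), v in sorted(seen.items())
    ]

# Constructed sample: line 1 is the article's own line; the others are invented.
SAMPLE = '''\
id=20085 trace_id=4 func=nipsec_set_ipsec_sa_enc line=1002 msg="IPSec encrypt SA (p1/p2/spi={phase1/phase2/0xbc3596b6}) offloading-check failed, reason_code=3.
id=20085 trace_id=5 func=nipsec_set_ipsec_sa_enc line=1002 msg="IPSec encrypt SA (p1/p2/spi={phase1/phase2/0xbc3596b7}) offloading-check failed, reason_code=3."
id=20085 trace_id=6 func=example_func line=1 msg="unrelated constructed line"
id=20085 trace_id=7 func=nipsec_set_ipsec_sa_enc line=1002 msg="IPSec encrypt SA (p1/p2/spi={branch-b/branch-b-p2/0x1A2B3C4D}) offloading-check failed, reason_code=3."
'''

if __name__ == "__main__":
    for row in find_offload_failures(SAMPLE):
        print(f'{row["phase1"]}/{row["phase2"]}: reason_code={row["reason_code"]} '
              f'({row["meaning"]}), seen {row["count"]}x, SPIs {row["spis"]}')
```

Each tunnel reported with reason code 3 is a candidate for the phase 2 algorithm change described above.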