SassiVeeran
Staff
October 24, 2024

Technical Tip: FortiGate blocks TCP-null packet

Description
This article explains that FortiGate blocks TCP null packets by default.

Scope
FortiGate.

Solution
  • A TCP null scan is a series of TCP packets that contain a sequence number of 0 and no set flags.
  • FortiGate blocks TCP null packets by default.

 

Assume the following network:

Client/Machine------> FortiGate------->Server

 

  1. Generate a TCP null scan using the Zenmap app from the client machine to the destination server.

 


 

  2. A packet capture on FortiGate shows that it receives the scan traffic but does not forward it to the server. A similar packet capture taken on the server side shows that no scan traffic was received. No flag is set on the captured TCP packets.

 


 

  3. The debug flow shows that the packet does not match any session ('no session matched'), and FortiGate silently blocks the traffic. No session is created for this traffic. FortiGate treats it as illegitimate because the TCP packet has no flags set, and therefore drops it.

 

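As an added example (not part of the original article and not Fortinet tooling), the following Python code checks for the same condition in packets captured on either side of the firewall: it parses raw IPv4/TCP packets and reports which sources sent segments with an empty flags byte. The function names, addresses and sample packets are constructed for illustration, and the check keys on the flags byte only.

```python
import struct

def build_packet(src, dst, sport, dport, seq, flags):
    """Construct a minimal IPv4/TCP packet (sample data only, checksums left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

def parse_tcp(packet: bytes):
    """Return (src, dst, sport, dport, seq, flags) for an IPv4/TCP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 20:
        return None                       # not TCP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # non-first fragment: no TCP header present
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    sport, dport, seq = struct.unpack("!HHI", packet[ihl:ihl + 8])
    return src, dst, sport, dport, seq, packet[ihl + 13]  # byte 13 holds the flags

def null_scan_summary(packets):
    """Map (src, dst) -> sorted destination ports that received flagless TCP segments."""
    hits = {}
    for pkt in packets:
        parsed = parse_tcp(pkt)
        if parsed and parsed[5] == 0:     # no FIN/SYN/RST/PSH/ACK/URG/ECE/CWR set
            src, dst, _, dport, _, _ = parsed
            hits.setdefault((src, dst), set()).add(dport)
    return {pair: sorted(ports) for pair, ports in hits.items()}

# Constructed sample traffic using documentation address ranges
SAMPLE = [
    build_packet("192.0.2.10", "198.51.100.5", 40000, 22, 0, 0x00),      # null packet
    build_packet("192.0.2.10", "198.51.100.5", 40000, 80, 0, 0x00),      # null packet
    build_packet("192.0.2.10", "198.51.100.5", 40001, 443, 1000, 0x02),  # ordinary SYN
    build_packet("192.0.2.20", "198.51.100.5", 40002, 443, 5000, 0x10),  # ordinary ACK
]

if __name__ == "__main__":
    for (src, dst), ports in null_scan_summary(SAMPLE).items():
        print(f"{src} -> {dst}: flagless TCP segments to ports {ports}")
```

Running the same check on a client-side capture and a server-side capture should show the flagless segments only on the client side if FortiGate is dropping them as described.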