Why UDP traffic with source port 0 cannot pass through FortiGate-1500D
Description
Problem:
UDP traffic with source port 0 is dropped by FortiGates using NP6 network processors.
For example:
1) FortiGate-1240B (NP4 platform) -- traffic is not dropped
2) FortiGate-1500D (NP6 platform) -- traffic is dropped
Scope
Any NP6-related platform -- for example, FortiGate-1500D, FortiGate-3700D
Solution
There is a more strict validation check mechanism on NP6 based platforms. FortiGate considers any UDP traffic with source port 0 as invalid.
Please contact your application vendor to ensure legitimate traffic does not use a source port of 0.
The following register was hard-coded on NP6 which will drop UDP source port 0. There is no such register in NP4
Diagnose npu np6 register 0