FortiGate
SassiVeeran
Staff
Article Id 352100
Description This article describes how FortiGate blocks TCP null packets by default.
Scope FortiGate.
Solution
  • TCP-Null packets are a series of TCP packets that contain a sequence number of 0 and no set flags.
  • FortiGate blocks TCP null packets by default.

 

Assume the network topology below:

Client/Machine------> FortiGate------->Server

 

  1. Generate a TCP-null scan using the Zenmap app from the client machine to the destination server.

 

[Screenshot: nmap app.JPG]

 

  2. A packet capture on FortiGate shows that it receives the scan traffic but does not forward it to the server. A similar packet capture taken on the server end shows that no scan traffic has been received. No flag is seen on the TCP session.

 

[Screenshot: pcap nmap no flag.JPG]

 

  3. The debug flow shows that the traffic does not match any session ('no session matched'), and FortiGate silently blocks it. No session is created for this traffic. FortiGate considers it illegitimate traffic because it does not have any flag on the TCP session, and therefore drops the packet.

 

[Screenshot: no session match.JPG]
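
To confirm from a server-side capture that no null packets got past the firewall, each captured IPv4 packet can be checked for a TCP header with no flags set. The following is an added example, not part of the original article or any Fortinet tooling; the function names, addresses and packet bytes are constructed for illustration.

```python
import socket
import struct

def build_packet(src, dst, dport, seq, flags, proto=6):
    """Constructed sample: minimal IPv4 + TCP header, checksums left at 0."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, seq, 0, 5 << 4, flags, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp

def tcp_null_info(packet):
    """Return (src, dst, dport, seq) for an IPv4/TCP packet with no flags set, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                       # not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6:
        return None                       # malformed header length, or not TCP
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                       # non-first fragment carries no TCP header
    if len(packet) < ihl + 14:
        return None                       # truncated before the TCP flags byte
    _sport, dport, seq = struct.unpack("!HHI", packet[ihl:ihl + 8])
    if packet[ihl + 13] != 0:             # bits: CWR ECE URG ACK PSH RST SYN FIN
        return None                       # at least one flag is set
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]), dport, seq)

def find_null_packets(packets):
    """Return details of every TCP null packet in an iterable of raw IPv4 packets."""
    return [info for info in map(tcp_null_info, packets) if info]

# Constructed capture (not real traffic): one null packet among ordinary ones.
SAMPLE = [
    build_packet("10.0.0.5", "10.0.1.10", 22, 0, 0x00),             # TCP null
    build_packet("10.0.0.5", "10.0.1.10", 443, 1000, 0x02),         # SYN
    build_packet("10.0.0.5", "10.0.1.10", 443, 1001, 0x10),         # ACK
    build_packet("10.0.0.5", "10.0.1.10", 53, 0, 0x00, proto=17),   # not TCP
    build_packet("10.0.0.5", "10.0.1.10", 80, 0, 0x00)[:30],        # truncated
]

if __name__ == "__main__":
    for src, dst, dport, seq in find_null_packets(SAMPLE):
        print(f"TCP null packet {src} -> {dst}:{dport} seq={seq}")
```

An empty result for the server-side capture, alongside hits in the capture taken on the FortiGate ingress interface, matches the behaviour described in steps 2 and 3.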