FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article describes the process of resolving issues related to NP7 DFR (defrag/reassembly) of super jumbo frame on FortiGate devices running FortiOS 7.4.5+. It provides a step-by-step guide to addressing a known issue.
Triggering the bug will cause NP7 to stop forwarding traffic.
Scope
FortiGate.
Solution
To resolve issues related to NP7 no longer forwarding traffic triggered by super jumbo frame reassembly on FortiGate devices running 7.4.5+, follow these steps:
Ifbug ID 1164332 is encountered where NP7 stops forwarding after reassembling a large packet in DFR, workaround the issue by disabling NP7 DFR using the following commands:
config sys npu
config ip-reassembly
set status disable
end
end
Identify large packet sizes: Be aware that packets larger than 16316 bytes can trigger the NP7 traffic forwarding issue unless the workaround is in place. Take necessary measures to handle such packets in the network.
