FortiGate
naveenk
Staff
Article Id 194730

Description


This article gives the command that causes the FortiGate to apply strict header checking, which verifies that a packet is part of a session that can be processed.

 

Scope

 

FortiGate.

Solution


Strict header checking includes verifying the layer-4 protocol header length, the IP header length, the IP version, the IP checksum, and IP options, and verifying that ESP packets have the correct sequence number, SPI, and data length.
If a packet fails the header check, the FortiGate drops it.

 

config system global
    set check-protocol-header strict
end

 

Enabling a strict header check will disable all hardware acceleration. This includes NP, SP, and CP processing.
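
To make the IP and layer-4 checks listed above concrete, here is an added illustration in Python. It is not FortiOS code and not part of the original article. The function names, error strings and the sample packet are constructed for this example, and the ESP checks (sequence number, SPI, data length) are not covered.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 over a header whose checksum is valid."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))  # IHL*4 is always even
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def check_options(opts: bytes) -> bool:
    """Walk IPv4 options: each is EOL, NOP, or a type/length option that fits."""
    i = 0
    while i < len(opts) and opts[i] != 0:  # EOL (0) ends the list
        if opts[i] == 1:                   # NOP is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            return False
        i += opts[i + 1]
    return True

def check_ipv4_packet(pkt: bytes) -> list:
    """Return the list of failed header checks (empty list = packet passes)."""
    if len(pkt) < 20:
        return ["truncated IP header"]
    errors = []
    version, ihl = pkt[0] >> 4, (pkt[0] & 0x0F) * 4
    total_len, proto = struct.unpack("!H", pkt[2:4])[0], pkt[9]
    if version != 4:
        errors.append("bad IP version")
    if ihl < 20 or ihl > len(pkt):
        return errors + ["bad IP header length"]
    if total_len < ihl or total_len > len(pkt):
        errors.append("bad IP total length")
    if inet_checksum(pkt[:ihl]) != 0:
        errors.append("bad IP checksum")
    if not check_options(pkt[20:ihl]):
        errors.append("malformed IP options")
    l4 = pkt[ihl:total_len]
    if proto == 6 and (len(l4) < 20 or not 20 <= (l4[12] >> 4) * 4 <= len(l4)):
        errors.append("bad TCP header length")
    return errors

def sample_packet() -> bytes:
    """Constructed sample: valid 20-byte IPv4 header followed by a 20-byte TCP SYN."""
    hdr = bytearray.fromhex("450000280001000040060000c0000201c6336402")
    hdr[10:12] = struct.pack("!H", inet_checksum(bytes(hdr)))
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    return bytes(hdr) + tcp
```

A packet for which `check_ipv4_packet` returns a non-empty list corresponds to one that strict header checking would drop on these grounds.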

 

Related topics:

Technical Tip: Protocol header checking