kyozloveyou_FTNT
Article Id 194362

Description

 

This article describes how to eliminate the 'Check the dropped out-of-state TCP packets are logged' error in the FortiGate compliance check.

 

Scope

 

FortiGate.


Solution

 

After a compliance check has completed under System -> Advanced -> Compliance, it is normal to see an error message stating 'Check the dropped out-of-state TCP packets are logged' in the compliance logs.

 


 

Enable logging of dropped out-of-state TCP packets with the following command:


config log setting
    set log-invalid-packet enable
end

 

In FortiOS v7.4.X and above, the command shown above has been replaced with the following:

config log setting
    set extended-log enable
end
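
To confirm the setting in saved configuration text before re-running the compliance check, the following added example (not part of the original article and not Fortinet tooling) reads the `config log setting` block and checks the option this article names for the given FortiOS version. The function names and sample configurations are constructed for illustration, and an option absent from the text is assumed to be not enabled.

```python
import re

# Constructed sample configurations (not taken from a real device).
PRE_74_CONFIG = """\
config log syslogd setting
    set status enable
end
config log setting
    set log-invalid-packet enable
end
"""
V74_CONFIG = """\
config log setting
    set extended-log enable
end
"""

def log_setting_values(config_text):
    """Return {option: value} for 'set' lines inside 'config log setting' only."""
    stack, values = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])   # track nesting by block name
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == "log setting":
            m = re.match(r"set\s+(\S+)\s+(\S+)", line)
            if m:
                values[m.group(1)] = m.group(2)
    return values

def expected_option(version):
    """Option the article gives for a (major, minor) FortiOS version."""
    return "extended-log" if tuple(version) >= (7, 4) else "log-invalid-packet"

def out_of_state_logging_enabled(config_text, version):
    # Assumption: an option missing from the file counts as not enabled.
    return log_setting_values(config_text).get(expected_option(version)) == "enable"

if __name__ == "__main__":
    for name, text, ver in [("pre-7.4", PRE_74_CONFIG, (7, 2)), ("7.4", V74_CONFIG, (7, 4))]:
        print(name, expected_option(ver), out_of_state_logging_enabled(text, ver))
```

Matching the block name exactly keeps `set` lines from neighbouring blocks such as the constructed `config log syslogd setting` sample out of the result.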


After enabling this setting, the following information will be displayed: