FortiGate
rvillaroman
Staff
Article Id 321721
Description

This article describes how to fix the error 'Session is in BLOCK state. Drop the packet'.

 

Scope

FortiGate.

Solution

By default, the service 'ALL' is set to use protocol type 'IP', with protocol number 0 meaning any.

 

However, if the protocol type is set to TCP/UDP/SCTP and the source and destination ports are set to 0, the service blocks all traffic (any to null), and the firewall policy tags the session as being in BLOCK state.

 

To fix this error, verify that the correct port or port range is in use. Setting the TCP/UDP/SCTP port to 0 means the service will never match any traffic, and the result is the error message 'Session is in BLOCK state. Drop the packet'. This applies to any custom service.
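
One way to audit a saved configuration for this condition, as an added example that is not part of the original article or Fortinet's own tooling: the script parses the `config firewall service custom` section and lists every TCP/UDP/SCTP service whose ports are all 0. It assumes each service carries an explicit `set protocol` line and that a port of 0 may be written as `0`, `0-0` or `0-0:0-0`; the service names and the sample configuration are constructed.

```python
import re

PORT_KEYS = ("tcp-portrange", "udp-portrange", "sctp-portrange")

# Constructed sample in FortiOS CLI syntax; the custom service names are made up.
SAMPLE_CONFIG = '''config firewall service custom
    edit "ALL"
        set protocol IP
        set protocol-number 0
    next
    edit "web-8443"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 8443
    next
    edit "app-broken"
        set protocol TCP/UDP/SCTP
        set tcp-portrange 0
        set udp-portrange 0-0:0-0
    next
end
'''

def parse_services(text):
    """Return {service name: {setting: value}} for the custom-service section."""
    services, current, inside = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "config firewall service custom":
            inside = True
        elif inside and line == "end":
            inside = False
        elif inside and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = services.setdefault(m.group(1), {})
        elif inside and current is not None and (m := re.match(r"set (\S+) (.+)$", line)):
            current[m.group(1)] = m.group(2).strip('"')
    return services

def has_usable_port(portrange):
    """True if any dst[:src] range has a destination high port above 0."""
    return any(int(t.split(":")[0].split("-")[-1]) > 0 for t in portrange.split())

def find_block_state_services(text):
    """Names of TCP/UDP/SCTP services whose configured ports are all 0."""
    return [name for name, cfg in parse_services(text).items()
            if cfg.get("protocol") == "TCP/UDP/SCTP"
            and not any(has_usable_port(cfg[k]) for k in PORT_KEYS if k in cfg)]

if __name__ == "__main__":
    print(find_block_state_services(SAMPLE_CONFIG))
```

Any service the script reports should be given a real port or port range, or, for 'ALL', set back to protocol type IP with protocol number 0.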