My company recently upgraded from a Fortigate 620b to the 500E and one of our sites has to use CIPSO. The 500E sees these packets as malformed and drops them. I can't get approval to tunnel this particular site's traffic through the 500E, so I'm stuck having to have a separate firewall (620b) and other equipment set up just to support this one site. Cisco equipment has the ip security ignore-cipso command to get around this issue. The Fortigate does not. Does anyone know of a workaround for this on the Fortigate 500E? Thanks.