My company recently upgraded from a Fortigate 620b to the 500E and one of our sites has to use CIPSO. The 500E sees these packets as malformed and drops them. I can't get approval to tunnel this particular site's traffic through the 500E, so I'm stuck having to have a separate firewall (620b) and other equipment set up just to support this one site. Cisco equipment has the ip security ignore-cipso command to get around this issue. The Fortigate does not. Does anyone know of a workaround for this on the Fortigate 500E? Thanks.