Hello friends,
So I'm having a hard time trying to block bad TCP checksums. Here's the deal! I have an FTP connection that transfers files from A to B. In the middle there's a Check Point firewall. From time to time some files get corrupted by bad checksums and mess up a database (as they are injected directly into some tables).
Tried to block it with Check Point using the Inspection Settings, but after failed attempts I've opened a case. I was told that it works in conjunction with IPS. Well... a few weeks later, here's the IPS blade and threat prevention profile applied.
It doesn't give an 'octet' about my policy. FTP transfer gets bad checksums, files get corrupted, injected in database. The funny part is that Fortinet blocks this by design, even without IPS activated.
So back to the Check Point gateway, I have tried literally everything. I even wrote a small script that uses scapy and tried to generate bad checksum packets. Other firewalls detect and block it. Even tcpdump confirms they have bad checksums.
Check Point blocks other stuff like but not bad checksums. By the way, the IPS policy is set to strict and during a file transfer I intentionally injected some invalid checksum (0xFFFF).
Am I doing something wrong here?