Deep Security needs to perform some level of normalization and stateful analysis on traffic that will be processed by DPI rules. This ensures that the traffic is in a normal state for inspection. During this normalization, errors may occur in the Verifier module. To ensure that all events for discarded packets, and other events aside from DPI, are logged, they are recorded in the FW events.
"First fragment too small" is logged for a packet that is dropped because it has the following configuration:
- MF flag = 1
- Offset value = 0
- Total length (maximum combined header length) = less than 120 bytes
For Deep Security 7.0 Service Pack 1, resolve this issue by applying hot fix 1658 and adjusting the value of Minimum Fragment size, which has a default value of 120.
For Deep Security 8.0 and 9.0, set the Minimum Fragment size to a lower value or "0" to turn off this inspection.
- Open the policy you want to modify.
  - For Deep Security 8.0, go to Security Profile and open the details of the policy.
  - For Deep Security 9.0, go to the Policies tab and click Policies, then open the details.
- Click Settings.
- Select the Network Engine tab and click the Advanced Network Engine Settings section.
- Untick the Default settings.
- Look for Minimum Fragment size and adjust its value. You can initially set it to "60". If the problem persists, set the value to "0".
- Click Save.
- Resend the policy to the agent or appliance.
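
The drop condition listed above, and the effect of lowering Minimum Fragment size, as an added Python example that is not Trend Micro code: it parses raw IPv4 headers and reports whether each would match at a given threshold. It assumes the comparison is made against the IPv4 Total Length field; the function names, sample headers and addresses are constructed for illustration.

```python
import struct

DEFAULT_MIN_FRAGMENT_SIZE = 120  # default value stated in the article


def parse_ipv4(header: bytes) -> dict:
    """Extract the three fields the check depends on from a raw IPv4 header."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return {
        "total_length": total_len,
        "mf": bool(flags_frag & 0x2000),   # More Fragments flag
        "offset": flags_frag & 0x1FFF,     # fragment offset, in 8-byte units
    }


def first_fragment_too_small(header: bytes,
                             min_fragment_size: int = DEFAULT_MIN_FRAGMENT_SIZE) -> bool:
    """True when MF = 1, offset = 0 and total length is below the threshold.

    Assumption: the threshold is compared with the IPv4 Total Length field.
    A threshold of 0 turns the check off, as the article describes.
    """
    if min_fragment_size == 0:
        return False
    f = parse_ipv4(header)
    return f["mf"] and f["offset"] == 0 and f["total_length"] < min_fragment_size


def build_header(total_length: int, mf: bool, offset: int) -> bytes:
    """Constructed sample header (checksum left at 0; the check does not use it)."""
    flags_frag = (0x2000 if mf else 0) | (offset & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, flags_frag,
                       64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))


if __name__ == "__main__":
    # Constructed samples: (label, total length, MF, offset)
    samples = [("68-byte first fragment", 68, True, 0),
               ("40-byte first fragment", 40, True, 0),
               ("1500-byte first fragment", 1500, True, 0),
               ("68-byte later fragment", 68, True, 185),
               ("68-byte unfragmented packet", 68, False, 0)]
    for size in (120, 60, 0):
        hits = [name for name, length, mf, off in samples
                if first_fragment_too_small(build_header(length, mf, off), size)]
        print(f"Minimum Fragment size {size}: dropped -> {hits}")
```

Running the same check over headers exported from a packet capture shows which hosts are sending the small first fragments before the threshold is lowered.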