CFP3.0 Advanced settings, “Attack detection settings”, Miscellaneous folder:
- Block Fragmented IP Datagrams: unchecked (hence set to No)
- Do Protocol Analyzis: checked (set to Yes)
A couple of sample program, sending and receiving UDP datagrams bigger than 1472 bytes (MTU=1500) showed that CFP was blocking incoming/outgoing fragmented IP traffic.
Unchecked “Do Protocol Analyzis”, then everything worked fine.
This is not normal. Datagrams, although fragmented, were perfectly respecting IP and UDP protocols and should NOT have been blocked.