Handbook

Replay traffic scenario

6.0.0

Situations can arise where an identical TCP packet enters the FortiGate twice, via two different ports. This can be caused by a firewall or other network device redirecting packets back out of the same port on which it received them.

In this condition, the FortiGate detects a replay packet and drops it.

If the network topology or the culprit devices cannot be changed to avoid this, the workaround is to disable TCP replay packet verification on the FortiGate:

config system global
    set anti-replay {loose | strict | disable}
end

The debug flow output below shows the message that indicates this condition:

id=20085 trace_id=179 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10709->10.10.248.5:25) from TO_EXTERNAL ."
id=20085 trace_id=179 msg="Find an existing session, id-00041475, original direction"
id=20085 trace_id=179 msg="replay packet, drop"
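Before relaxing anti-replay, it helps to know exactly which flows and ingress interfaces trigger the drop. The following is an added example, not Fortinet code: a small Python parser that groups debug flow messages by trace_id and reports the traces ending in "replay packet, drop". The sample input is constructed from the trace above, written one message per line with `->` assumed as the address separator, plus one constructed trace that is not dropped.

```python
import re
from collections import defaultdict

# Constructed sample: the trace from the text plus one constructed, non-dropped trace.
SAMPLE = '''\
id=20085 trace_id=179 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10709->10.10.248.5:25) from TO_EXTERNAL ."
id=20085 trace_id=179 msg="Find an existing session, id-00041475, original direction"
id=20085 trace_id=179 msg="replay packet, drop"
id=20085 trace_id=180 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10710->10.10.248.5:25) from TO_INTERNAL ."
id=20085 trace_id=180 msg="Find an existing session, id-00041476, original direction"
'''

LINE = re.compile(r'trace_id=(\d+)\s+msg="(.*)"\s*$')
RECV = re.compile(r'^vd-(\S+) received a packet\(proto=(\d+), '
                  r'(\S+?):(\d+)->(\S+?):(\d+)\) from (\S+)')
SESS = re.compile(r'existing session, id-([0-9a-fA-F]+)')


def find_replay_drops(text):
    """Return one dict per trace whose messages include 'replay packet, drop'."""
    traces = defaultdict(dict)
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a debug flow message line
        tid, msg = int(m.group(1)), m.group(2)
        t = traces[tid]
        if (r := RECV.match(msg)):
            # First message of a trace: VDOM, protocol, endpoints, ingress interface.
            t.update(vdom=r.group(1), proto=int(r.group(2)),
                     src=f"{r.group(3)}:{r.group(4)}",
                     dst=f"{r.group(5)}:{r.group(6)}", ingress=r.group(7))
        elif (s := SESS.search(msg)):
            t["session"] = s.group(1)
        elif "replay packet, drop" in msg:
            t["replay_drop"] = True
    return [dict(trace_id=tid, **t) for tid, t in sorted(traces.items())
            if t.get("replay_drop")]


if __name__ == "__main__":
    for d in find_replay_drops(SAMPLE):
        print(f"trace {d['trace_id']}: replay drop {d['src']} -> {d['dst']} "
              f"via {d.get('ingress')} (vdom {d.get('vdom')}, session {d.get('session')})")
```

Repeated hits for the same session arriving on an unexpected ingress interface point to the device that is reflecting packets back toward the FortiGate.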

For additional diagnosis and troubleshooting procedures, go to http://kb.fortinet.com.
