Fortinet white logo
Fortinet white logo

Hardware Acceleration

Preventing packet ordering problems

Preventing packet ordering problems

In some cases when FortiGate units with NP7, NP6, NP6XLite, or NP6Lite processors are under heavy load, the packets used in the TCP 3-way handshake of some sessions may be transmitted by the FortiGate in the wrong order resulting in the TCP sessions failing.

If you notice TCP sessions failing when a FortiGate with NP7, NP6, NP6XLite, or NP6ite processors is very busy you can enable delay-tcp-npu-session in the firewall policy receiving the traffic. This option resolves the problem by delaying the session to make sure that there is time for all of the handshake packets to reach the destination before the session begins transmitting data.

config firewall policy

set delay-tcp-npu-session enable

end

You can also use the following command to prevent packet ordering problems for all traffic.

config system global

set delay-tcp-npu-session enable

end

This is a global option that applies to all traffic and overrides the per-policy setting.

Preventing packet ordering problems

Preventing packet ordering problems

In some cases when FortiGate units with NP7, NP6, NP6XLite, or NP6Lite processors are under heavy load, the packets used in the TCP 3-way handshake of some sessions may be transmitted by the FortiGate in the wrong order resulting in the TCP sessions failing.

If you notice TCP sessions failing when a FortiGate with NP7, NP6, NP6XLite, or NP6ite processors is very busy you can enable delay-tcp-npu-session in the firewall policy receiving the traffic. This option resolves the problem by delaying the session to make sure that there is time for all of the handshake packets to reach the destination before the session begins transmitting data.

config firewall policy

set delay-tcp-npu-session enable

end

You can also use the following command to prevent packet ordering problems for all traffic.

config system global

set delay-tcp-npu-session enable

end

This is a global option that applies to all traffic and overrides the per-policy setting.