Web Application intermittently having a performance issue

Showing results for 
Show  only  | Search instead for 
Did you mean: 

Web Application intermittently having a performance issue

L0 Member

From the tcp dump at the server end, I am seeing a lot of traces on TCP Dup ACK, retransmission and out of order being flag out at the pcap file








The connection made is via VPN client to the Web Application server. Tried few scenario where we access directly bypass the PaloAlto firewall and we don't see this traces on tcp dups and retransmission. For now the asymmetric routing is not the case. I'm suspecting something need to be tweak at the firewall either adjusting the MSS or disable server response inspection (DSRI)

Is there any other useful tips on how to ensure less tcp dups and retransmission would occurs if the request made by the client need to pass through Palo Alto firewall? 


Cyber Elite
Cyber Elite

were you able to capture ngress and egress on the firewall, and trace the global counters at the same time? that may shed some light on what's going on


some of those Lenghts seem very large, are you allowing jumbo frames ? You could set TCP MSS to lower the payload


you mention asymmetric routing, how are you sure that is not the issue?

Tom Piens
PANgurus - Strata specialist; config reviews, policy optimization

L6 Presenter

You may check globalprotect logs for keepalive issues:





The other thing is check for MTU issues:








If you have a newer version of the firewall 9.1 or newer or newer you can see the latency from the firewall:




Hello! I would like to say.... I am a student. First year... Learning all the disciplines and communication. Now Truth has recently started having difficulty with writing assignments in college. But already now I'm thinking about searching for a phd dissertation writing service. So far, the best thing to do is EduGeeks service. The writers are very cool and always come to the rescue despite the difficulties.

  • 3 replies
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!