04-20-2021 09:31 AM
From the tcp dump at the server end, I am seeing a lot of traces of TCP Dup ACK, retransmission and out-of-order being flagged in the pcap file.
The connection is made via VPN client to the Web Application server. We tried a few scenarios where we access it directly, bypassing the Palo Alto firewall, and we don't see these traces of TCP dups and retransmissions. For now, asymmetric routing is not the case. I'm suspecting something needs to be tweaked at the firewall, either adjusting the MSS or disable server response inspection (DSRI).
Are there any other useful tips on how to ensure fewer TCP dups and retransmissions occur if the request made by the client needs to pass through the Palo Alto firewall?
04-22-2021 01:11 AM
Were you able to capture ingress and egress on the firewall, and trace the global counters at the same time? That may shed some light on what's going on.
Some of those lengths seem very large; are you allowing jumbo frames? You could set TCP MSS to lower the payload.
You mention asymmetric routing; how are you sure that is not the issue?
04-22-2021 07:25 AM
You may check GlobalProtect logs for keepalive issues:
https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000PPgZCAW
The other thing is to check for MTU issues:
If you have a newer version of the firewall, 9.1 or newer, you can see the latency from the firewall: