From the tcpdump at the server end, I am seeing a lot of traces of TCP Dup ACK, retransmission and out-of-order being flagged in the pcap file. The connection is made via a VPN client to the web application server. We tried a few scenarios where we access it directly, bypassing the Palo Alto firewall, and we don't see these traces of TCP dups and retransmissions. For now, asymmetric routing is not the case. I'm suspecting something needs to be tweaked at the firewall: either adjust the MSS or disable server response inspection (DSRI). Are there any other useful tips on how to ensure fewer TCP dups and retransmissions occur if the request made by the client needs to pass through the Palo Alto firewall?