Forum Discussion

Apr 11, 2017

Multiple TCP Retransmission and Out-of-order packets with SNAT disabled

I have a unique setup that requires SSL VPN users to get an IP from a pool based on an Active Directory membership. This IP pool then has various firewall rules it is assigned to on a Checkpoint firewall. Users are complaining of slow speed, and after setting up an IP forwarding VS I'm seeing better speeds, but am still seeing a TCP retransmit or out-of-order packet for every packet going through the VS.


1 Reply

  • Here's the setup I have. There are 3 virtual servers involved. The first server is the new IP Forwarding server F5 helped me set up. The second server is the one that forwards HTTP traffic to our HTTPS VS. The third VS is the one that handles the rest of the connection.

    I was thrown into this project with no F5 knowledge, so please excuse my ignorance if I have this setup completely incorrect.

    I tried adding this code in separately, but F5 was marking it as spam for some reason...

    Here's a snapshot of what I'm seeing on my packet captures:

    I've been working with F5 support on this, and they were the ones that got me to set up the IP forwarding server, but unfortunately I cannot use SNAT. It won't allow our firewall rules to be processed correctly. Here's a quick look at what the packet capture to the same site looks like with SNAT enabled:

    Does anyone have an idea of what could be going on?