Disabling "spoof" for HTTP Multiplexing

In the most common configurations, where many clients with unique IP addresses connect to the cluster, it makes sense to disable the spoof option when enabling TCP multiplexing, so that server connections can be re-used for any client request.

This is because the spoof option causes FortiADC to use the client IP address as the source address in all packets sent to servers (disabling Source Network Address Translation or SNAT). While this in itself is not a problem, it means that server connections can only be re-used by client connections from the same client IP. This effectively disables much of the benefit of using TCP multiplexing. If the application running on the servers behind a FortiADC cluster requires the real client IP address in incoming requests (that is, spoof enabled), then in most configurations we recommend disabling TCP multiplexing.

In some cases, when it is known that most or all client connections will come from a relatively short list of IP addresses, spoof can be enabled with TCP multiplexing to improve performance. Examples include configurations where public client connections come from an HTTP or HTTPS proxy that uses a restricted set of IP addresses, or an internal corporate network that uses NAT.
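The following simplified model is an added example, not FortiADC code. It counts how many server connections must be opened for the same traffic with spoof disabled and enabled, assuming an idle server connection can be re-used only when its source address matches; the function names, the `lb` placeholder address and the workload are constructed for illustration.

```python
"""Simplified model of server-side connection re-use under TCP multiplexing.

Assumption (not vendor code): an idle server connection can be re-used by a
new request only if its source address matches. With spoof disabled the
source is always the load balancer (SNAT); with spoof enabled it is the
client IP.
"""
import heapq
from collections import defaultdict

LB_ADDR = "lb"  # placeholder for the load balancer's own source address


def server_connections_opened(requests, spoof):
    """requests: iterable of (client_ip, start, end) tuples.
    Returns how many server connections had to be opened."""
    # Per source address: min-heap of the times at which each open
    # server connection becomes idle again.
    pools = defaultdict(list)
    opened = 0
    for client_ip, start, end in sorted(requests, key=lambda r: r[1]):
        source = client_ip if spoof else LB_ADDR
        pool = pools[source]
        if pool and pool[0] <= start:
            heapq.heapreplace(pool, end)  # re-use the earliest idle connection
        else:
            heapq.heappush(pool, end)     # nothing idle for this source: open one
            opened += 1
    return opened


def constructed_workload(n_requests, n_client_ips):
    """Constructed sample: request i starts at t=i and lasts 2 ticks;
    client IPs (documentation range) rotate round robin."""
    return [(f"198.51.100.{i % n_client_ips + 1}", i, i + 2)
            for i in range(n_requests)]


if __name__ == "__main__":
    for label, n_ips in (("200 unique client IPs", 200), ("4 proxy/NAT IPs", 4)):
        load = constructed_workload(200, n_ips)
        for spoof in (False, True):
            count = server_connections_opened(load, spoof)
            print(f"{label}, spoof={spoof}: {count} server connections")
```

In this model, the gap between the spoof-enabled and spoof-disabled counts shrinks as the number of distinct client addresses shrinks, which is the proxy and NAT case described above.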

Refer to Modifying a Layer 7 HTTP or HTTPS Cluster or Cluster and Match Rule Commands (on the CLI) for details.