
Chapter 25 - Transparent Mode

Replay traffic scenario

Situations can arise where an identical TCP packet enters the FortiGate twice, via two different ports. This is usually caused by a firewall or other network device forwarding a packet back out on the same port on which it received it.

In this condition the FortiGate detects the second copy as a replay packet and drops it.

If the network topology or the device causing the loop cannot be changed to avoid this, the workaround on the FortiGate is to relax or disable anti-replay checking (the TCP sequence-number check that identifies the duplicate). The setting is global and applies to every session on the unit; disable removes the protection against injected or replayed TCP segments that the check provides, so try loose before resorting to disable.

config system global
   set anti-replay {loose | strict | disable}
end

 

In FortiOS v3.0 the equivalent command was:

config system global
   set conn-tracking disable
end

The following debug flow output* (captured with diagnose debug flow filter, diagnose debug flow show console enable and diagnose debug flow trace start after diagnose debug enable) shows the messages that indicate this condition:

id=20085 trace_id=179 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10709>10.10.248.5:25) from TO_EXTERNAL ."
id=20085 trace_id=179 msg="Find an existing session, id-00041475, original direction"
id=20085 trace_id=179 msg="replay packet, drop"

 

* For additional diagnosis and troubleshooting procedures, please consult the Knowledge Base at https://kb.fortinet.com.
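The output above is easy to read for a single trace, but on a busy unit the filter returns hundreds of traces. The following Python script is an added example (not Fortinet code and not part of the original page) that groups captured debug flow lines by trace_id, reports every trace ending in "replay packet, drop", and records which ingress interface each session's packets arrived on, so that a session seen on two interfaces stands out as the looping topology described above. The sample input is constructed: trace 179 reproduces the page's own output, while traces 178 and 180, the interface name TO_INTERNAL and the second client address 10.10.253.20 are assumptions for the demonstration.

```python
"""Scan FortiOS debug flow output for anti-replay drops and multi-interface sessions.

Added example; the regular expressions match the message formats shown on this
page and accept both ">" and "->" as the src>dst separator.
"""
import re
from collections import defaultdict

# One debug flow line: id=<n> trace_id=<n> msg="<text>"
LINE_RE = re.compile(r'id=(?P<id>\d+)\s+trace_id=(?P<trace>\d+)\s+msg="(?P<msg>.*)"\s*$')
# e.g. received a packet(proto=6, 10.10.253.9:10709>10.10.248.5:25) from TO_EXTERNAL .
PKT_RE = re.compile(
    r'received a packet\(proto=(?P<proto>\d+),\s*'
    r'(?P<src>[\d.]+:\d+)\s*-?>\s*(?P<dst>[\d.]+:\d+)\)\s*from\s+(?P<intf>\S+?)\s*\.'
)
# e.g. Find an existing session, id-00041475, original direction
SESS_RE = re.compile(r'Find an existing session, id-(?P<sid>\d+)')

# Constructed sample: trace 179 is the page's output; 178, 180, TO_INTERNAL and
# 10.10.253.20 are made up to show an accepted first copy and an unaffected flow.
SAMPLE = """\
id=20085 trace_id=178 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10709>10.10.248.5:25) from TO_INTERNAL ."
id=20085 trace_id=178 msg="Find an existing session, id-00041475, original direction"
id=20085 trace_id=179 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10709>10.10.248.5:25) from TO_EXTERNAL ."
id=20085 trace_id=179 msg="Find an existing session, id-00041475, original direction"
id=20085 trace_id=179 msg="replay packet, drop"
id=20085 trace_id=180 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.20:44321>10.10.248.5:25) from TO_INTERNAL ."
id=20085 trace_id=180 msg="Find an existing session, id-00041480, original direction"
"""


def parse_traces(text):
    """Group message strings by trace_id; one trace is the processing of one packet."""
    traces = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            traces[int(m.group('trace'))].append(m.group('msg'))
    return traces


def summarize_trace(msgs):
    """Extract 5-tuple, ingress interface, session id and replay-drop flag from one trace."""
    info = {'proto': None, 'src': None, 'dst': None, 'intf': None,
            'session': None, 'replay_drop': False}
    for msg in msgs:
        pkt = PKT_RE.search(msg)
        sess = SESS_RE.search(msg)
        if pkt:
            info.update(proto=int(pkt.group('proto')), src=pkt.group('src'),
                        dst=pkt.group('dst'), intf=pkt.group('intf'))
        elif sess:
            info['session'] = sess.group('sid')
        elif 'replay packet, drop' in msg:
            info['replay_drop'] = True
    return info


def replay_report(text):
    """Return (drops, ingress): drops is a list of traces dropped as replays,
    ingress maps session id -> set of interfaces its packets arrived on."""
    drops = []
    ingress = defaultdict(set)
    for trace_id, msgs in sorted(parse_traces(text).items()):
        info = summarize_trace(msgs)
        if info['session'] and info['intf']:
            ingress[info['session']].add(info['intf'])
        if info['replay_drop']:
            drops.append(dict(trace_id=trace_id, **info))
    return drops, dict(ingress)


def looped_sessions(text):
    """Session ids whose packets arrived on more than one interface: the loop symptom."""
    _, ingress = replay_report(text)
    return sorted(sid for sid, intfs in ingress.items() if len(intfs) > 1)


if __name__ == '__main__':
    drops, ingress = replay_report(SAMPLE)
    for d in drops:
        print(f"trace {d['trace_id']}: replay drop, proto {d['proto']} {d['src']} > {d['dst']}, "
              f"session {d['session']} arrived on {d['intf']}; "
              f"session seen on {sorted(ingress[d['session']])}")
    print("sessions entering on more than one interface:", looped_sessions(SAMPLE))
```

Feed the script the saved console output of the debug flow trace; a session listed by looped_sessions names the two interfaces to inspect on the upstream device before relaxing anti-replay on the FortiGate.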