Replay traffic scenario
Situations can arise where an identical TCP packet enters twice the FortiGate via 2 different ports. This can be due to a firewall or other network device redirecting packets out on the same port it has received it.
The FortiGate will in this condition detect a replay packet and drop it.
If the network topology or culprit devices cannot be changed to avoid this, the workaround on the FortiGate can be to disable TCP replay verification packets.
config system global
set anti-replay | loose | strict | disable |
|In v3.0 this command was:
The debug flow diagnosis output* hereafter shows the message indicating this condition:
id=20085 trace_id=179 msg="vd-VDOM_VLAN1 received a packet(proto=6, 10.10.253.9:10709
>10.10.248.5:25) from TO_EXTERNAL ."
id=20085 trace_id=179 msg="Find an existing session, id-00041475, original direction"
id=20085 trace_id=179 msg="replay packet, drop"
* For additional diagnosis and troubleshooting procedures, please consult the Knowledge Base at http://kb.fortinet.com.