system network-option
Use this command to configure system-wide TCP connection options.
To use this command, your administrator account’s access control profile must have either w or rw permission to the netgrp area. For more information, see “Permissions”.
Syntax
config system network-option
  set tcp-timestamp {enable | disable}
  set tcp-tw-recycle {enable | disable}
  set ip-src-balance {enable | disable}
  set ip6-src-balance {enable | disable}
  set tcp-buffer {default | high | max}
end
Variable
Description
Default
tcp-timestamp {enable | disable}
Enable to both:
verify whether clients’ TCP timestamps are sequential
include TCP timestamps in packets from FortiWeb
Disabling this option can be useful when multiple clients connect through a source NAT gateway such as a FortiGate. If the gateway applies source NAT but forwards packets to FortiWeb without modifying the TCP timestamp, packets received from that source IP appear to FortiWeb to have an unstable timestamp, and FortiWeb drops the out-of-sequence packets. Disabling the option prevents packets from being dropped for this reason, and can improve performance in that case.
Caution: Disabling this option affects FortiWeb’s dynamic calculation of TCP retransmission timeout (RTO) and therefore round trip time (RTT). If you disable the timestamp when it is not necessary, this can result in decreased application performance.
Default: enable
tcp-tw-recycle {enable | disable}
Enable to quickly recycle sockets that are ready to close (i.e. in the TIME_WAIT state per the TCP RFC).
This option can be useful in networks with both sustained high load and bursts of new connection requests. If all sockets are busy, new connection requests may be refused. Enabling this option frees sockets more quickly.
Caution: Enabling this option can cause issues with external load balancers and HA failover if they are not expecting the connection to close quickly. This can result in decreased application performance. Generally, it is safer to wait for sockets to safely close before they are reused.
Default: disable
ip-src-balance {enable | disable}
Enable to allow FortiWeb to connect to the back-end servers using more than one IPv4 address. FortiWeb uses a round-robin load-balancing algorithm to distribute the connections among the available IP addresses.
To specify the additional IP addresses, see “config system interface”.
This option is useful for performance testing when the number of concurrent connections between FortiWeb and a back-end server exceeds the number of ports that a single IP can provide.
Default: disable
ip6-src-balance {enable | disable}
Enable to allow FortiWeb to connect to the back-end servers using more than one IPv6 address. FortiWeb uses a round-robin load-balancing algorithm to distribute the connections among the available IP addresses.
To specify the additional IP addresses, see “config system interface”.
Default: disable
tcp-buffer {default | high | max}
Specify high or max to increase the size of the TCP buffer.
This option is useful when the amount of traffic between a server pool member and FortiWeb is significantly larger than the traffic between FortiWeb and the client.
Default: default
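The NAT case described under tcp-timestamp can be checked against captured traffic before deciding to disable the option. The following is an added example, not FortiWeb or Fortinet code: it assumes a simplified model in which the sequential-timestamp check tracks the highest timestamp seen per source IP, and the packet records, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: (source IP, source port, TCP timestamp value), in arrival order.
# 203.0.113.10 stands for a source NAT gateway hiding two clients whose timestamp
# clocks differ; 198.51.100.7 stands for a single client with no NAT in between.
PACKETS = [
    ("203.0.113.10", 40001, 900100),
    ("203.0.113.10", 40002, 15200),
    ("203.0.113.10", 40001, 900140),
    ("203.0.113.10", 40002, 15260),
    ("203.0.113.10", 40001, 900180),
    ("198.51.100.7", 51000, 77000),
    ("198.51.100.7", 51000, 77030),
]

def non_sequential(packets, key):
    """Count packets whose timestamp is lower than the highest seen for the same key.

    Simplification (assumption): 32-bit timestamp wraparound is ignored.
    """
    highest, flagged = {}, defaultdict(int)
    for pkt in packets:
        k, tsval = key(pkt), pkt[2]
        if k in highest and tsval < highest[k]:
            flagged[k] += 1          # would look out of sequence for this key
        else:
            highest[k] = tsval
    return dict(flagged)

def nat_suspects(packets):
    """Source IPs that are non-sequential per IP although every flow is sequential.

    That pattern matches several clients behind one translated address, not a
    single client sending broken timestamps.
    """
    per_ip = non_sequential(packets, key=lambda p: p[0])
    per_flow = non_sequential(packets, key=lambda p: (p[0], p[1]))
    broken_flow_ips = {ip for (ip, _port) in per_flow}
    return {ip: n for ip, n in per_ip.items() if ip not in broken_flow_ips}

if __name__ == "__main__":
    for ip, n in nat_suspects(PACKETS).items():
        print(f"{ip}: {n} packet(s) non-sequential per source IP, each flow sequential")
```

A source IP reported here is a candidate for the source NAT case above; an IP whose individual flows are also non-sequential is not explained by NAT and is excluded.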
Example
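This example enables ip-src-balance and assigns additional IP addresses to port1. FortiWeb uses a round-robin load-balancing algorithm to distribute connections to back-end servers among the available IP addresses. The allowaccess line in the interface block controls administrative access to port1 and is unrelated to source balancing; the http and telnet values it lists are cleartext protocols.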
config system network-option
  set ip-src-balance enable
end

config system interface
  edit "port1"
    set type physical
    set ip 192.168.183.71/24
    set allowaccess https ping ssh snmp http telnet
    config secondaryip
      edit 1
        set ip 192.168.183.72/24
      next
      edit 2
        set ip 192.168.183.73/24
      next
    end
  next
end
Related topics
config system interface
execute ping
diagnose network ip
diagnose network sniffer