Variable | Description | Default |
tcp-timestamp {enable | disable} | Enable to both: • verify whether clients’ TCP timestamps are sequential • include TCP timestamps in packets from FortiWeb Disabling this option can be useful when multiple clients are in front of a source NAT gateway such as a FortiGate. If it applies source NAT but forwards packets to FortiWeb without modifying the TCP timestamp, packets received from that source IP will appear to FortiWeb to have an unstable timestamp. FortiWeb will therefore drop out-of-sequence packets. Disabling therefore prevents packets dropped due to this cause, and can improve performance in that case. Caution: Disabling this option affects FortiWeb’s dynamic calculation of TCP retransmission timeout (RTO) and therefore round trip time (RTT). If you disable the timestamp when it is not necessary, this can result in decreased application performance. | enable |
tcp-tw-recycle {enable | disable} | Enable to quickly recycle sockets that are ready to close (i.e. in the TIME_WAIT state per the TCP RFC). This option can be useful in networks with both sustained high load and bursts of new connection requests. If all sockets are busy, new connection requests may be refused. Enabling this option frees sockets more quickly. Caution: Enabling this option can cause issues with external load balancers and HA failover if they are not expecting the connection to close quickly. This can result in decreased application performance. Generally, it is safer to wait for sockets to safely close before they are reused. | disable |
ip-src-balance {enable | disable} | Enable to allow FortiWeb to connect to the back-end servers using more than one IPv4 address. FortiWeb uses a round-robin load-balancing algorithm to distribute the connections among the available IP addresses. To specify the additional IP addresses, see “config system interface”. This option is useful for performance testing when the number of concurrent connections between FortiWeb and a back-end server exceeds the number of ports that a single IP can provide. | disable |
ip6-src-balance {enable | disable} | Enable to allow FortiWeb to connect to the back-end servers using more than one IPv6 address. FortiWeb uses a round-robin load-balancing algorithm to distribute the connections among the available IP addresses. To specify the additional IP addresses, see “config system interface”. | disable |
tcp-buffer {default | high | max} | Specify high or max to increase the size of the TCP buffer. This option is useful when amount of traffic between a server pool member and FortiWeb is significantly larger than traffic between FortiWeb and the client. | default |