GWFortinet
Staff
February 17, 2026

Troubleshooting Tip: Asymmetric traffic drop when UTM is enabled within FGSP environment

Description
This article describes a solution to the issue of a traffic drop when UTM is enabled within an FGSP environment.

Scope
FortiOS v6.4+, FGSP and UTM.

Solution

Starting with FortiOS 6.4, FortiGate firewalls support UTM inspection on asymmetric traffic in an FGSP environment.


In one scenario, a traffic drop is observed. The sequence is as follows:

  1. The client's initial SYN packet ingresses on FW-A via an interface, say 'INT1'.
    1. FW-A checks the packet and creates a new session; traffic egresses to the server via an interface, say 'EXT1'.
    2. The session syncs to FW-B.
  2. The server replies with the SYN/ACK packet, which ingresses on FW-B via an interface, say 'EXT2'.
    At this stage, FW-B should bounce the traffic back to FW-A for UTM inspection. However, because the interface names differ (in this example, 'EXT1' and 'EXT2'), traffic bouncing does not proceed. After TCP retransmissions, a server reset occurs, resulting in a traffic drop.

To resolve the issue, ensure that the (VLAN) interface carrying the relevant traffic has an identical name on all FortiGate FGSP members (the VLAN ID can be different).
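
One way to check this before enabling UTM is to diff the interface names in each member's `show system interface` output. The script below is an added example, not Fortinet code; the function names and both sample configurations are constructed for illustration, and it assumes each member's output has been saved as text.

```python
import re

# Constructed sample 'show system interface' exports from two FGSP members.
FW_A = '''
config system interface
    edit "INT1"
        set interface "port1"
        set vlanid 10
    next
    edit "EXT1"
        config ipv6
            set ip6-allowaccess ping
        end
        set interface "port2"
        set vlanid 100
    next
end
'''
# FW-B: same layout, but the external VLAN is named EXT2 and INT1 uses VLAN ID 20.
FW_B = FW_A.replace('"EXT1"', '"EXT2"').replace("vlanid 10\n", "vlanid 20\n")

def parse_interfaces(config_text):
    """Map interface name -> settings from a 'config system interface' block."""
    interfaces, current, depth, inside = {}, None, 0, False
    for line in map(str.strip, config_text.splitlines()):
        if not inside:
            inside = line == "config system interface"
        elif line.startswith("config "):
            depth += 1                      # nested table such as 'config ipv6'
        elif line == "end":
            inside, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0:
            edit = re.fullmatch(r'edit "?([^"]+)"?', line)
            if edit:
                current = interfaces.setdefault(edit.group(1), {})
            elif line.startswith("set ") and current is not None:
                _, key, value = (line.split(None, 2) + [""])[:3]
                current[key] = value.strip('"')
    return interfaces

def name_mismatches(member_a, member_b):
    """Interface names present on only one member; VLAN ID differences are ignored."""
    a, b = parse_interfaces(member_a), parse_interfaces(member_b)
    return sorted(a.keys() - b.keys()), sorted(b.keys() - a.keys())

if __name__ == "__main__":
    only_a, only_b = name_mismatches(FW_A, FW_B)
    print("only on FW-A:", only_a, "| only on FW-B:", only_b)
```

Any name reported on only one member is a candidate for the bounce failure described above; 'INT1' is not reported even though its VLAN ID differs between the two samples.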