FortiGate
athirat
Staff
Article Id 194015

Description
This article explains how to increase performance when using explicit proxy by controlling the TCP window size for proxy connections.

Solution
Because FortiOS is designed to handle a large number of concurrent proxy sessions, WAD limits the receive buffer size of most TCP sockets to 320K by default.

This can lead to slower download/upload speeds even though bandwidth is available.


From version 6.2, the HTTP TCP window size can be controlled in profile-protocol-options by changing the tcp-window-type to dynamic:

config firewall profile-protocol-options
    edit "default"
        config http
            set tcp-window-type system        <----- system | static | dynamic
            set tcp-window-minimum 131072     <----- dynamic only
            set tcp-window-maximum 8388608    <----- dynamic only
            set tcp-window-size 262144        <----- static only
        end
    next
end

When set to dynamic:

The TCP window varies based on available memory.
The WAD process polls memory every few seconds and updates the window size based on available memory and the configured min/max values.

When set to static:

The window size is based on the configured "tcp-window-size" value.

When set to system (default):

The system default TCP window size is used for this protocol.
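
The following Python sketch is an added example, not Fortinet code. It takes the window values shown in this article and computes the per-connection throughput ceiling at a given round-trip time, alongside the worst-case buffer memory across concurrent sessions, which is the trade-off behind the default limit. Assumptions: "320K" means 320 KiB, the whole receive buffer is usable as TCP window, and the scenario (1 Gbit/s, 40 ms RTT, 2000 sessions) is constructed.

```python
KIB = 1024

# Values from the article; "320K" is assumed to mean 320 KiB.
WINDOWS = {
    "WAD default (320K)": 320 * KIB,
    "tcp-window-minimum": 131072,
    "tcp-window-size (static)": 262144,
    "tcp-window-maximum": 8388608,
}

def max_throughput_mbps(window_bytes, rtt_ms):
    """Upper bound for one TCP connection: at most one window per round trip."""
    return window_bytes * 8 / (rtt_ms / 1000) / 1e6

def window_needed_bytes(link_mbps, rtt_ms):
    """Bandwidth-delay product: window required to fill the link at this RTT."""
    return int(link_mbps * 1e6 / 8 * rtt_ms / 1000)

def worst_case_buffer_mib(window_bytes, sessions):
    """Receive-buffer memory if every session filled its window at once
    (simplification: real allocation is on demand and usually lower)."""
    return window_bytes * sessions / (KIB * KIB)

def report(rtt_ms, link_mbps, sessions):
    """Return the needed window and one row per window value from the article."""
    need = window_needed_bytes(link_mbps, rtt_ms)
    rows = []
    for name, win in WINDOWS.items():
        rows.append((name, win,
                     round(max_throughput_mbps(win, rtt_ms), 1),
                     round(worst_case_buffer_mib(win, sessions), 1),
                     win >= need))
    return need, rows

if __name__ == "__main__":
    # Constructed scenario: 1 Gbit/s path, 40 ms RTT, 2000 concurrent sessions.
    need, rows = report(rtt_ms=40, link_mbps=1000, sessions=2000)
    print(f"window needed to fill the link: {need} bytes")
    for name, win, mbps, mib, fills in rows:
        print(f"{name:26} {win:>8} B  <= {mbps:>7} Mbit/s  "
              f"{mib:>8} MiB worst case  fills link: {fills}")
```

In this scenario only the 8388608-byte maximum can fill the link, but it also has the largest worst-case memory footprint, so the maximum should be chosen with the expected session count in mind.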