FortiGate
vpalli
Staff
Article Id 339724
Description This article provides a solution to boost session throughput for both file transfers and web traffic within a single session or traffic flow.
Scope FortiGate, FortiProxy.
Solution

The following firmware versions include enhancements that apply to file transfers and web traffic within a single session or traffic flow, including scenarios involving VPN, explicit proxy, transparent proxy, and proxy-based inspection with certificate or deep inspection profiles enabled.

  • Upgrade the FortiGate to v7.2.11 (release date TBD), v7.4.6 (release date TBD), or v7.6.1 (available from November 19, 2024 - November 21, 2024).
  • Upgrade the FortiProxy to v7.0.19 (release date TBD), v7.2.12 (release date TBD), or v7.4.6 (release date TBD).


Workaround:
Set tcp-window-type to dynamic under profile-protocol-options for protocols experiencing slow speeds, and apply this profile in the firewall policy configuration with proxy-based inspection. The default setting is auto-tuning, which allows the system to auto-tune the TCP window size.

config firewall profile-protocol-options
    edit <Profile Name>
        config HTTP
            set ports 80 8080
            unset options
            unset post-lang
            set tcp-window-type dynamic <----- Vary TCP window size based on available memory and within limits of tcp-window-minimum and tcp-window-maximum.
        end
    end

Note:
After applying the configuration change, monitor overall system memory usage. If memory usage exceeds 80%, revert to auto-tuning and upgrade FortiOS once the new firmware is available. 
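
One way to apply the 80% check from the note to collected `get system performance status` output (an added example, not part of the original article or Fortinet tooling). The layout of the Memory line is an assumption, the sample outputs are constructed, and collecting the output from the device is left to existing tooling.

```python
import re

# Threshold from the note above: revert once memory usage exceeds 80%.
MEMORY_LIMIT_PERCENT = 80.0

# Assumed layout of the Memory line in `get system performance status`:
#   Memory: <total>k total, <used>k used (<pct>%), ...
MEM_LINE = re.compile(
    r"^Memory:\s*(?P<total>\d+)k total,\s*(?P<used>\d+)k used"
    r"(?:\s*\((?P<pct>[\d.]+)%\))?",
    re.MULTILINE,
)

# Constructed sample outputs (not captured from a real device).
SAMPLE_BASELINE = (
    "CPU states: 1% user 0% system 0% nice 99% idle\n"
    "Memory: 2055612k total, 1336148k used (65.0%), 555015k free (27.0%)\n"
)
SAMPLE_AFTER_CHANGE = "Memory: 2055612k total, 1706158k used, 349454k free\n"


def memory_used_percent(status_output):
    """Return the used-memory percentage from one output, or None if absent."""
    m = MEM_LINE.search(status_output)
    if m is None:
        return None
    if m.group("pct") is not None:
        return float(m.group("pct"))
    total = int(m.group("total"))
    # Fall back to used/total when the percentage is not printed.
    return None if total == 0 else 100.0 * int(m.group("used")) / total


def should_revert(samples, limit=MEMORY_LIMIT_PERCENT):
    """Return (revert, readings); revert is True if any reading exceeds limit."""
    readings = [memory_used_percent(s) for s in samples]
    if not readings or None in readings:
        # Refuse to decide on missing data rather than report "healthy".
        raise ValueError("sample without a parsable Memory line")
    return max(readings) > limit, readings


if __name__ == "__main__":
    revert, readings = should_revert([SAMPLE_BASELINE, SAMPLE_AFTER_CHANGE])
    print(f"readings={readings} revert_to_auto_tuning={revert}")
```

Comparing a baseline taken before the change with samples taken under load afterwards shows how much of the increase is due to the dynamic window setting.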
