FortiGate
metz_FTNT
Staff
Article Id 312297
Description This article describes the maximum number of retransmission attempts the FortiGate TCP stack makes before resetting a TCP connection.
Scope FortiGate.
Solution

In TCP, every stream of data sent to the other side must be acknowledged with an ACK packet sent back.

If the ACK is not received, the sender retransmits the same data. If the ACK is still not received, it resets the session by sending an RST packet.

On FortiGate, the maximum number of retransmission attempts before an RST is sent is 15. If there is still no ACK packet from the receiver after 15 retransmissions, the connection is closed.

 

This can be checked with the following command:

 

fnsysctl cat /proc/sys/net/ipv4/tcp_retries2
15
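
Added example (not from the original article or from Fortinet): what 15 retransmissions means in wall-clock time, assuming FortiOS follows the upstream Linux exponential backoff that tcp_retries2 controls. The 200 ms floor, the 120 s cap and the function names are assumptions taken from upstream Linux; the real timer starts from the measured round-trip time, so the result is a lower bound.

```python
"""Added example: lower-bound lifetime of an unacknowledged TCP connection."""

# Assumption: upstream Linux constants, not values confirmed for FortiOS.
RTO_MIN_MS = 200        # Linux TCP_RTO_MIN, smallest retransmission timeout
RTO_MAX_MS = 120_000    # Linux TCP_RTO_MAX, cap on the doubled timeout


def retransmit_schedule(retries, rto_ms=RTO_MIN_MS, rto_max_ms=RTO_MAX_MS):
    """Return [(retransmission_number, elapsed_ms), ...] for each
    retransmission, then ("give up", elapsed_ms) when the timer that
    follows the last retransmission expires without an ACK."""
    schedule = []
    elapsed = 0
    wait = rto_ms
    for n in range(1, retries + 1):
        elapsed += wait                      # timer expires, segment is resent
        schedule.append((n, elapsed))
        wait = min(wait * 2, rto_max_ms)     # exponential backoff with a cap
    elapsed += wait                          # final wait after the last resend
    schedule.append(("give up", elapsed))
    return schedule


def give_up_after_ms(retries, rto_ms=RTO_MIN_MS, rto_max_ms=RTO_MAX_MS):
    """Total time in milliseconds before the connection is abandoned."""
    return retransmit_schedule(retries, rto_ms, rto_max_ms)[-1][1]


if __name__ == "__main__":
    # 15 is the tcp_retries2 value shown in the article.
    for step, elapsed in retransmit_schedule(15):
        print(f"{step!s:>8}  at {elapsed / 1000:8.1f} s")
```

Under these assumptions an unacknowledged connection stays open for at least about 15 minutes, which matters when sizing session tables or diagnosing sessions that linger after a peer disappears.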
