Friday, September 4, 2020

Fortigate dropping packets from proxy server when load is heavy - how to detect and resolve?

Hello Sysadmins!

I need your help with a Fortigate firewall, although I personally don't use Fortigate, so I have no clue.

I have a client who uses a Fortigate firewall (he has not disclosed the model number, but I believe the information below should be sufficient).

I provide them a squid proxy server which uses the Fortigate as its gateway.

Here is a scenario:

The client has many office branches which use my squid proxy as a centralized proxy.

Everything works fine when we put just 2-3 branches on the proxy. The Fortigate firewall does not seem to be dropping packets. Ping response shows no packet drops.

The problem starts when we put all branch traffic on the proxy, which in turn goes to the Fortigate firewall: the Fortigate firewall starts dropping packets (ping to 8.8.8.8 shows 50% packet loss).

Wireshark packet monitor on the proxy shows that the ping requests are going out but only 50% of the ping responses are coming back in from the Fortigate gateway.

When the packet drop issue occurs, their other IPs are able to ping fine, i.e. other IPs can ping 8.8.8.8 just fine. So based on this my client puts the blame on the proxy, that it's my proxy server's issue, that other IPs can ping 8.8.8.8 but not the proxy server.

The proxy server logs are not showing any burden on the proxy. So I believe that somewhere the Fortigate blocks too much traffic coming from the proxy and starts dropping packets from the proxy server by considering it as some kind of attack.

Can you please tell me what settings need to be changed or checked on the Fortigate, so that it doesn't drop packets from the proxy server?

Or can it be that the Fortigate is simply not able to handle too much traffic? How can I find this out?

I will be very grateful to you all for replies and help.

Thank you

PS: I do not have access to that Fortigate, so please give a detailed answer or proper links which I can pass on to the client.

Thank you!


