Policy installation fails due to timeout on Security Gateway with Broadcom NetXtreme interfaces that use 'bnx2x' driver
Security Gateway, ClusterXL, Cluster - 3rd party
R77, R77.10, R77.20
Gaia, SecurePlatform 2.6
Platform / Model
Policy installation on Security Gateway fails due to a timeout.
Traffic capture on Security Gateway during policy installation shows multiple retransmissions.
As a workaround, disabling RX checksumming and TX checksumming on the network interfaces of the Security Gateway (on the fly, with the 'ethtool --offload IF_NAME rx off tx off' command) resolves the issue: policy installation succeeds.
The Transparent Packet Aggregation (TPA) feature in the bnx2x NIC driver aggregates TCP packets.
This results in Jumbo frames at the interface level and interrupts firewall behaviour.
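The workaround above, scripted for every interface bound to the bnx2x driver, as an added example that is not Check Point's own code. The function names and the use of /sys/class/net to enumerate interfaces are assumptions of this example; by default it only reports and changes nothing unless run with --apply.

```shell
#!/bin/bash
# Added example: find bnx2x interfaces and apply the on-the-fly workaround
# 'ethtool --offload IF_NAME rx off tx off' from the article.
# Assumption: interfaces are listed under /sys/class/net.

# Print the driver name found in `ethtool -i` output read from stdin.
driver_from_info() {
    awk -F': *' '$1 == "driver" { print $2; exit }'
}

# Succeed if `ethtool -k` output on stdin shows RX or TX checksumming "on".
checksum_offload_on() {
    grep -Eq '^[[:space:]]*(rx|tx)-checksumming:[[:space:]]*on'
}

# Print the name of every interface whose driver is bnx2x.
bnx2x_interfaces() {
    local path ifc
    for path in /sys/class/net/*; do
        ifc=${path##*/}
        if [ "$(ethtool -i "$ifc" 2>/dev/null | driver_from_info)" = "bnx2x" ]; then
            echo "$ifc"
        fi
    done
}

# Report the checksumming state of each bnx2x interface.
# With "--apply" as first argument, also switch RX/TX checksumming off.
workaround() {
    local ifc
    for ifc in $(bnx2x_interfaces); do
        if ! ethtool -k "$ifc" | checksum_offload_on; then
            echo "$ifc: RX/TX checksumming already off"
        elif [ "${1:-}" = "--apply" ]; then
            echo "$ifc: disabling RX/TX checksumming"
            ethtool --offload "$ifc" rx off tx off
        else
            echo "$ifc: RX/TX checksumming on (re-run with --apply to disable)"
        fi
    done
}

workaround "${1:-}"
```

Run it again after `--apply` to confirm that each interface now reports checksumming as off, then retry the policy installation.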