Support Center > Search Results > SecureKnowledge Details
Policy installation fails due timeout on Security Gateway with Broadcom NetXtreme interfaces that use 'bnx2x' driver
Symptoms
  • Policy installation on Security Gateway fails due timeout.

  • Traffic capture on Security Gateway during policy installation shows multiple retransmissions.

  • As a workaround, disabling the RX checksumming and TX checksumming on the network interfaces (on-the-fly with 'ethtool --offload IF_NAME rx off tx off' command) on Security Gateway resolves the issue - policy installation succeeds.

Cause

Transparent Packet Aggregation (TPA) feature in bnx2x NIC driver aggregates TCP packets.
This causes Jumbo frames on the interface level and interrupts firewall behaviour. 


Solution
Note: To view this solution you need to Sign In .