Hello, I have been browsing through the TCP Fast Open discussions, and I have 2 Windows 10 Enterprise nodes that are using TCP Fast Open. However, I noticed in my Check Point firewall that it was dropping the traffic due to the behavior of the SYN packets. I have enabled TCP Fast Open on the firewall.
Procedure to accept the SYN or SYN-ACK packets with data on the Security Gateway:
- Connect to the command line on the Security Gateway / each Cluster Member.
- Log in to the Expert mode.
- To activate the parameter ‘asm_syn_packet_with_data’ on-the-fly, run:
fw ctl set int asm_syn_packet_with_data 1 -a
- To activate the feature, so it survives a reboot, add the following line to the $PPKDIR/conf/simkern.conf file:
asm_syn_packet_with_data=1
- Verify the value of the kernel parameter ‘asm_syn_packet_with_data’ with:
fw ctl get int asm_syn_packet_with_data -a
- To activate the parameter ‘asm_allow_syn_with_data’ on-the-fly, run:
fw ctl set int asm_allow_syn_with_data 1
- To activate the feature, so it survives a reboot, add this line to the $FWDIR/boot/modules/fwkern.conf file:
asm_allow_syn_with_data=1
- Verify the value of the kernel parameter ‘asm_allow_syn_with_data’ with:
fw ctl get int asm_allow_syn_with_data
And now TCP Fast Open works on my Windows 10. However, what I wonder is that I have a bunch of Windows Server 2022, but they do not attempt to use TCP Fast Open. Why does it work on Windows 10 and not on Windows Server 2022? Or is there something I need to activate in the configuration for it to work? It feels a bit weird otherwise. I do not have the possibility to migrate to Linux and Docker on these nodes as it is far too much work.
From now on, I assume that only Linux/Ubuntu is the way to go for future nodes.
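
An added example, not part of the original post or of Check Point's documentation: a shell helper that makes the two "survives a reboot" steps of the procedure above idempotent, so re-running it never leaves duplicate or conflicting entries in the two files. It assumes both files hold one `name=value` entry per line; the function name `persist_param` and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: simkern.conf and fwkern.conf hold one
# "name=value" entry per line. persist_param and --apply are hypothetical names.

# persist_param FILE NAME VALUE
# Leaves FILE with exactly one "NAME=VALUE" line and keeps every other line.
persist_param() {
    file=$1 name=$2 value=$3
    dir=$(dirname "$file")
    [ -d "$dir" ] || { echo "missing directory: $dir" >&2; return 1; }
    [ -f "$file" ] || : > "$file"

    # Already present exactly once with the wanted value: change nothing.
    if [ "$(grep -c "^${name}=" "$file")" = "1" ] &&
       grep -qx "${name}=${value}" "$file"; then
        return 0
    fi

    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Drop stale or duplicate entries for NAME (grep exits 1 if nothing is left).
    grep -v "^${name}=" "$file" > "$tmp" || [ $? -eq 1 ] ||
        { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$name" "$value" >> "$tmp"

    # Keep a backup, then overwrite in place so owner and mode are unchanged.
    cp -p "$file" "${file}.bak" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# On the gateway in Expert mode, run with --apply; the paths are the two
# files named in the procedure. The running values are still set and
# verified with the "fw ctl set int" / "fw ctl get int" commands shown there.
if [ "${1:-}" = "--apply" ]; then
    persist_param "$PPKDIR/conf/simkern.conf" asm_syn_packet_with_data 1
    persist_param "$FWDIR/boot/modules/fwkern.conf" asm_allow_syn_with_data 1
fi
```
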