Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

"Enable TCP Resequencing" in 12.1 RU2 slows down certain webpages.

Created: 21 Jan 2013 | 7 comments

Just thought you guys should know that upon upgrading, THIS option (I determined this after a lot of trial and error, since I never had this issue with any of the previous SEP editions), which can be found in the Network Threat Protection settings, will slow down certain websites (Facebook, Gmail, AOL Mail).  It also does not allow Speed Tests to calculate your UPLOAD speed (Download works fine).  Very strange. And yes, it does it with multiple web browsers.  I am using Windows 7 x64.

I confirmed it multiple times by toggling it on and off, re-installing old versions and keeping the option enabled, and manually turning every option under Network Threat Protection on/off until I figured out which particular option was causing my slowdown ever since upgrading.

Thought you guys might want to look into this, since using that option never gave me a performance issue in the past.

Comments 7 CommentsJump to latest comment

Ashish-Sharma's picture

HI,

Check this

Enable TCP resequencing Prevents an intruder from forging or spoofing an individual's IP address.

IP spoofing is a process that hackers use to hijack a communication session between two computers, such as computer A and B. A hacker can send a data packet that causes computer A to drop the communication. Then the hacker can pretend to be computer A and communicate with and attack computer B. To protect the computer, TCP resequencing randomizes TCP sequence numbers.

Note:

  • OS fingerprint masquerading works best when TCP resequencing is enabled.

Warning:

  • TCP resequencing changes the TCP sequencing number when the client service runs. Because the sequencing number is different when the service runs and when the service does not run, network connections are terminated when you stop or start the firewall service. TCP/IP packets use a sequence of session numbers to communicate with other computers. When the client does not run, the client computer uses the Windows number scheme. When the client runs and TCP resequencing is enabled, the client uses a different number scheme. If the client service suddenly stops, the number scheme reverts back to the Window number scheme and Windows then drops the traffic packets. Furthermore, TCP resequencing may have a compatibility issue with certain NICs that causes the client to block all inbound and outbound traffic.

This option is disabled by default.

Symantec Endpoint Protection Manager - Firewall - Policies explained

Article:TECH104433 | Created: 2008-01-20 | Updated: 2010-11-30 | Article URL http://www.symantec.com/docs/TECH104433

http://www.symantec.com/business/support/index?page=content&id=TECH104433

Thanks In Advance

Ashish Sharma

.Brian's picture

This is a known sympton of turning this feature on. This could be expected behaviour and not really a "bug" in SEP.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

pete_4u2002's picture

i will not say if it will have big latency, few milliseconds should be okay considering bandwidth is good. If not open a support ticket.

SebastianZ's picture

As you have not experienced the problem in previous SEP versions (which was that?) I would recommend opening a ticket with Support to have them give a closer look at it.

JohnnyG's picture

I appreciate the replies.  I just thought it was odd that since I had been turning this option on since the very first time it was introduced in SEP 11, I never had any slowdown issue what so ever, until the very latest version of SEP.  The slowdown was much more than a few milliseconds.  For instance, Gmail - instead of logging in and going to the mailbox in under a second, it would take a couple of minutes.  Instead of instantly logging out, it wouldn't let you log out because it wouldn't go through.  Facebook messages often wouldn't load at all - and if they did, would take minutes.  And as I mentioned, when conducting a Speed Test, it wouldn't even allow "Upload" speed to be tested, because it would be stuck on "Connecting..."

But, it's OK.  I'll just keep it OFF for now.  Just wanted to let you guys know that the feature is definitely creating performance issues that were not present in any of the previous versions.  Maybe it never worked in the previous versions, and now it's suddenly "working?"  I don't know.

Anyway, thanks!

P.S.  I have used ALL previous releases of SEP (from the very first version of 11), and never had this problem before.  I even switched back from the 12.1 RU2 to 12.1 MP2 and the issue was not present - then went back to RU2 and it came back).

.Brian's picture

Perhaps something regarding the logic was changed. You can always open a support case so they can investigate further.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

SameerU's picture

Hi

Please advise i am also facing the same issue.

Regards