
OCI Virtual Networking (VCN) - Connections Randomly Hang when Connecting through Network Virtual Appliances such as a Marketplace Fortinet Firewall (Doc ID 2934693.1)

Last updated on APRIL 01, 2023

Applies to:

Oracle Cloud Infrastructure Virtual Networking - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

After a certain time period has passed, random connections can no longer be made to resources such as Network Load Balancers or directly to Instances in the OCI network when routing through a Network Virtual Appliance (NVA) such as a Fortinet firewall. A packet capture at the trusted interface shows that SYN packets are being sent, but the SYN,ACK replies are being dropped at the SmartNIC. The Fortinet does not see these replies, so nothing is captured in the Fortinet logs. However, a packet capture at the target proves that the SYN,ACK responses are being sent from the target.

Note that this document refers to the Fortinet, but similar issues and settings should be investigated for any NVA that is in use.
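
One way to confirm this symptom from the two captures, as an added example that is not part of the Oracle document: it lists connections whose SYN appears at the NVA trusted interface and whose SYN,ACK appears at the target but never at the NVA. It assumes `tcpdump -nn` text output and no NAT between the two capture points; the function names and the sample capture lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches SYN ([S]) and SYN,ACK ([S.]) lines in `tcpdump -nn` text output.
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[(S\.?)\]")

# Constructed sample captures (addresses, ports and times are made up).
NVA_TRUSTED = """\
10:00:01.000100 IP 10.0.1.10.40001 > 10.0.2.20.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000900 IP 10.0.2.20.443 > 10.0.1.10.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
10:00:01.001000 IP 10.0.1.10.40001 > 10.0.2.20.443: Flags [.], ack 901, win 502, length 0
10:05:00.000100 IP 10.0.1.10.40002 > 10.0.2.20.443: Flags [S], seq 200, win 64240, length 0
10:05:01.000100 IP 10.0.1.10.40002 > 10.0.2.20.443: Flags [S], seq 200, win 64240, length 0
10:06:00.000100 IP 10.0.1.10.40003 > 10.0.2.20.443: Flags [S], seq 300, win 64240, length 0
"""
TARGET = """\
10:00:01.000500 IP 10.0.1.10.40001 > 10.0.2.20.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000600 IP 10.0.2.20.443 > 10.0.1.10.40001: Flags [S.], seq 900, ack 101, win 65160, length 0
10:05:00.000500 IP 10.0.1.10.40002 > 10.0.2.20.443: Flags [S], seq 200, win 64240, length 0
10:05:00.000600 IP 10.0.2.20.443 > 10.0.1.10.40002: Flags [S.], seq 950, ack 201, win 65160, length 0
"""

def handshake_flags(capture):
    """Map (client, client_port, server, server_port) -> handshake flags seen."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a SYN or SYN,ACK segment
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":            # client -> server
            flow = (src, int(sport), dst, int(dport))
        else:                       # SYN,ACK is server -> client: key by client side
            flow = (dst, int(dport), src, int(sport))
        seen[flow].add(flags)
    return seen

def lost_synacks(nva_capture, target_capture):
    """Flows where the target sent a SYN,ACK that the NVA capture never shows."""
    nva, target = handshake_flags(nva_capture), handshake_flags(target_capture)
    return sorted(flow for flow, flags in nva.items()
                  if "S" in flags and "S." not in flags
                  and "S." in target.get(flow, set()))

if __name__ == "__main__":
    for flow in lost_synacks(NVA_TRUSTED, TARGET):
        print("SYN,ACK sent by target but not seen at NVA:", flow)
```

The flow on port 40003 is not reported because its SYN never reached the target, which is a different failure from the one described here.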

Changes

 

Cause


