FortiGate
Article Id 195556

Description

If POP3 email retrieval is slow through the FortiGate, the cause may be Identification Protocol (Ident, RFC 1413) queries to TCP port 113.

Although the Identification Protocol (Ident) is largely obsolete, some older mail servers still run it.

Ident was designed to provide a server with identifying information about the hosts attempting to connect to it.

When a client behind the FortiGate connects to a server running Ident, the server puts all other communication with that client on hold while it tries to obtain Ident information by opening a connection back to the client on TCP port 113.

Because no firewall policy permits traffic to this port, the FortiGate silently drops the Ident query.

Receiving no reply, the server waits and then queries port 113 again.

Since the server will never receive an Ident reply through the FortiGate, it is effectively "hung" while waiting, slowing down the system.
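
Before changing the IPS configuration it is worth confirming the diagnosis in the traffic log. The following is an added check, not part of the original article: it assumes FortiGate-style key=value traffic log lines (fields such as srcip, dstip, srcport, dstport, proto and action), and the sample lines it runs on are constructed for illustration. It picks out denied TCP flows touching port 113, groups them by the server that sent them, and estimates how long that server sat waiting between its first and last dropped query.

```python
"""Spot Ident (TCP/113) queries that the FortiGate is silently dropping.

Added illustration, not part of the original article. It assumes
FortiGate-style key=value traffic log lines; the sample lines below are
constructed, not captured from a real unit.
"""
import re
from collections import defaultdict
from datetime import datetime

IDENT_PORT = 113
TCP = "6"  # value of the proto= field for TCP

# Constructed sample traffic log: a POP3 client (10.0.0.25) reaches a mail
# server (198.51.100.7); the server answers with Ident queries to the
# client's port 113, which the FortiGate denies. One UDP/113 line is
# included as noise that the check must ignore (Ident is TCP-only).
SAMPLE_LOG = """\
date=2024-01-10 time=09:15:01 type="traffic" subtype="forward" srcip=10.0.0.25 srcport=51514 dstip=198.51.100.7 dstport=110 proto=6 action="accept" sentbyte=312 rcvdbyte=0
date=2024-01-10 time=09:15:01 type="traffic" subtype="forward" srcip=198.51.100.7 srcport=41000 dstip=10.0.0.25 dstport=113 proto=6 action="deny" sentbyte=60 rcvdbyte=0
date=2024-01-10 time=09:15:16 type="traffic" subtype="forward" srcip=198.51.100.7 srcport=41001 dstip=10.0.0.25 dstport=113 proto=6 action="deny" sentbyte=60 rcvdbyte=0
date=2024-01-10 time=09:15:31 type="traffic" subtype="forward" srcip=198.51.100.7 srcport=41002 dstip=10.0.0.25 dstport=113 proto=6 action="deny" sentbyte=60 rcvdbyte=0
date=2024-01-10 time=09:15:40 type="traffic" subtype="forward" srcip=10.0.0.31 srcport=49220 dstip=203.0.113.9 dstport=443 proto=6 action="accept" sentbyte=1200 rcvdbyte=8800
date=2024-01-10 time=09:16:02 type="traffic" subtype="forward" srcip=10.0.0.25 srcport=51520 dstip=198.51.100.7 dstport=113 proto=17 action="deny" sentbyte=60 rcvdbyte=0
"""

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Return a dict of key -> value for one key=value log line (quotes stripped)."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def _dropped_ident_records(log_text):
    """Yield parsed traffic records for denied TCP flows touching port 113."""
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec.get("type") != "traffic" or rec.get("action") != "deny":
            continue
        if rec.get("proto") != TCP:
            continue  # Ident is TCP-only; UDP/113 is unrelated noise
        if IDENT_PORT not in (int(rec["srcport"]), int(rec["dstport"])):
            continue
        yield rec


def find_dropped_ident(log_text):
    """Map each querying host to (number of dropped queries, sorted target IPs).

    The querying host is the srcip of the denied flow, i.e. the mail server
    that is trying to reach the client's port 113.
    """
    hits = defaultdict(lambda: [0, set()])
    for rec in _dropped_ident_records(log_text):
        hits[rec["srcip"]][0] += 1
        hits[rec["srcip"]][1].add(rec["dstip"])
    return {ip: (count, sorted(targets)) for ip, (count, targets) in hits.items()}


def estimate_delay_seconds(log_text, querier):
    """Seconds between the first and last dropped Ident query from `querier`.

    This is a lower bound on how long that server sat waiting for an answer
    the FortiGate never lets through; 0.0 if fewer than two queries were seen.
    """
    stamps = [
        datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")
        for rec in _dropped_ident_records(log_text)
        if rec["srcip"] == querier
    ]
    if len(stamps) < 2:
        return 0.0
    return (max(stamps) - min(stamps)).total_seconds()


if __name__ == "__main__":
    for server, (count, clients) in find_dropped_ident(SAMPLE_LOG).items():
        waited = estimate_delay_seconds(SAMPLE_LOG, server)
        print(f"{server}: {count} dropped Ident queries towards {clients}, "
              f"waited at least {waited:.0f}s")
```

Run against a real export of the traffic log, a server that appears here with repeated denies spaced seconds apart is the one holding up the POP3 session, and the custom signatures in the next section are the fix. A server that never appears is slow for some other reason.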

This problem can be resolved 'invisibly' by adding custom IPS (Intrusion Prevention System) signatures that reset any connection attempt whose source or destination port is 113. A TCP reset tells the server immediately that no Ident service is reachable, so it stops waiting and proceeds with the POP3 session.

F-SBID( --protocol tcp; --dst_port 113; )   Action: Reset
F-SBID( --protocol tcp; --src_port 113; )   Action: Reset

For information on configuring custom signatures, see the related article 'FortiOS v2.80 IPS Custom Signature Syntax' and the FortiGate Administration Guide.
