Overview
While setting up the connection between onsite Exinda and the Exinda installed on the remote side, the acceleration feature is not working as designed. The connection is being established over a VPN tunnel using Cisco ASA and Palo Alto firewalls.
When reviewing packet capture, Exinda is receiving traffic on the LAN and immediately sends back an RST for the traffic that needs to be accelerated. The expectation is Exinda should add acceleration options on this traffic that it has received on the LAN and send it outside the WAN.
Solution
When the Exinda is connected to certain firewalls, they might have additional TCP protection enabled. As Exinda is sending Multipath TCP (MPTCP) options when accelerating traffic, the TCP packets might be stripped by the firewall configuration.
In this particular scenario, the options were being stripped by the Palo Alto firewall.
Once the MPTCP support was disabled on Palo Alto's side, the acceleration feature between two Exindas started to function correctly.