When a Layer 7 protocol runs over TCP, the application payload can be split across several TCP segments for various reasons, such as application
design, the maximum segment size (MSS), or the TCP window size. The application-level gateways (ALGs) that the firewall and
NAT support cannot by themselves reassemble TCP segments for packet inspection, so an application message that straddles a segment boundary cannot be parsed from any single packet. vTCP is a general framework that
ALGs use to reassemble TCP segments and parse the complete TCP payload.
vTCP helps applications such as NAT and Session Initiation Protocol (SIP) that need the entire TCP payload before they can rewrite the
embedded data. The firewall uses vTCP so that ALGs can handle application data that is split across packets.
When you configure firewall and NAT ALGs, the vTCP functionality is activated.
vTCP currently supports Real Time Streaming Protocol (RTSP) and DNS ALGs.
TCP Acknowledgment and Reliable Transmission
Because vTCP sits between the two TCP hosts, it needs buffer space to hold TCP segments temporarily before they are
forwarded to the other host. vTCP ensures that data transmission between the hosts still occurs reliably. When vTCP needs more
segments before it can process the data, it sends a TCP acknowledgment (ACK) to the sending host itself so that the sender keeps transmitting. vTCP also tracks the ACKs sent by the receiving
host from the beginning of the TCP flow so that it knows exactly which of the buffered data has been acknowledged.
vTCP reassembles the TCP segments. The IP header and TCP header of each incoming segment are saved in the vTCP
buffer so that the data can be retransmitted reliably.
For NAT-enabled applications, vTCP can make small changes to the length of the outgoing segments. vTCP can either fit the additional
bytes into the last segment or create a new segment to carry the extra data. The IP header and TCP header of the
newly created segment are derived from the original incoming segment; the IP total length field and the TCP
sequence numbers are adjusted accordingly.
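The following Python model, an added illustration rather than Cisco's vTCP code, shows the behaviour described in the two sections above in one place: a proxy that buffers in-order segments, ACKs the sender on its own behalf until a complete application message is available, hands the message to an ALG rewrite (here a NAT substitution of an inside address in an RTSP SETUP line), re-segments the longer result, and tracks the receiver's ACKs against the forwarded data. The RTSP message, the addresses 10.0.0.5 and 203.0.113.10, the sequence numbers and the MSS values are all constructed for the example. The same message is pushed through twice to show both cases in the text: with an outgoing MSS of 43 the 4 extra bytes are squeezed into the last segment, with an MSS of 42 a new 2-byte segment is created. Out-of-order segments are simply re-ACKed rather than buffered, a simplification relative to a real implementation.

```python
"""Toy model of a vTCP-style ALG proxy: reassemble TCP segments, ACK the sender
on the proxy's behalf, rewrite the application payload, and re-segment the
result with corrected sequence numbers. Added example, not Cisco's vTCP code."""
from dataclasses import dataclass
from typing import Callable, List, Tuple


@dataclass
class Segment:
    seq: int        # sequence number of the first payload byte
    payload: bytes

    @property
    def end(self) -> int:
        return self.seq + len(self.payload)


class VtcpStream:
    """One direction of a TCP flow passing through the (hypothetical) proxy."""

    def __init__(self, isn: int, out_mss: int,
                 rewrite: Callable[[bytes], bytes], delim: bytes = b"\r\n\r\n"):
        self.rewrite = rewrite              # ALG payload rewrite, e.g. NAT address substitution
        self.out_mss = out_mss              # MSS toward the receiver
        self.delim = delim                  # end-of-message marker the ALG parses on
        self.buf = b""                      # reassembled, not-yet-forwarded payload
        self.next_in_seq = isn              # next byte expected from the sender
        self.next_out_seq = isn             # next byte to emit toward the receiver
        self.delta = 0                      # cumulative length change caused by rewrites
        self.inflight: List[Segment] = []   # forwarded, not yet ACKed by the receiver

    def receive(self, seg: Segment) -> Tuple[int, List[Segment]]:
        """Consume one segment from the sender.
        Returns (ACK number to send the sender, segments to forward to the receiver)."""
        if seg.seq != self.next_in_seq:
            # Retransmission or a hole. Simplified: re-ACK what we have, forward nothing.
            return self.next_in_seq, []
        self.buf += seg.payload
        self.next_in_seq = seg.end
        out: List[Segment] = []
        # Only complete messages are handed to the ALG; otherwise we ACK and wait for more.
        while (idx := self.buf.find(self.delim)) >= 0:
            end = idx + len(self.delim)
            msg, self.buf = self.buf[:end], self.buf[end:]
            out.extend(self._emit(self.rewrite(msg), len(msg)))
        return self.next_in_seq, out

    def _emit(self, data: bytes, orig_len: int) -> List[Segment]:
        """Re-segment rewritten data. Extra bytes fit in the last segment when the MSS
        allows; otherwise an additional segment is created. Outgoing sequence numbers
        continue from the proxy's own space, which drifts from the sender's by delta."""
        self.delta += len(data) - orig_len
        segs = []
        for off in range(0, len(data), self.out_mss):
            chunk = data[off:off + self.out_mss]
            segs.append(Segment(self.next_out_seq, chunk))
            self.next_out_seq += len(chunk)
        self.inflight.extend(segs)
        return segs

    def receiver_acked(self, ack: int) -> int:
        """Record an ACK from the receiver: drop fully acknowledged segments from the
        retransmit buffer and return the number of bytes still outstanding."""
        self.inflight = [s for s in self.inflight if s.end > ack]
        return sum(len(s.payload) for s in self.inflight)


# Constructed sample (hypothetical): an RTSP SETUP carrying the inside address 10.0.0.5.
SETUP = (b"SETUP rtsp://10.0.0.5:554/a RTSP/1.0\r\n"
         b"Transport: RTP/AVP;client_port=1000-1001\r\n\r\n")


def nat_rewrite(payload: bytes) -> bytes:
    """ALG step: replace the inside address with the NAT outside address (+4 bytes)."""
    return payload.replace(b"10.0.0.5", b"203.0.113.10")


def run(out_mss: int, sender_mss: int = 30, isn: int = 1000):
    """Push SETUP through the proxy in sender_mss-sized segments. Returns
    (ACKs sent to the sender, forwarded segments, bytes outstanding after the receiver ACKs all)."""
    st = VtcpStream(isn, out_mss, nat_rewrite)
    acks, fwd = [], []
    for off in range(0, len(SETUP), sender_mss):
        ack, segs = st.receive(Segment(isn + off, SETUP[off:off + sender_mss]))
        acks.append(ack)
        fwd.extend(segs)
    left = st.receiver_acked(fwd[-1].end)   # receiver acknowledges everything forwarded
    return acks, fwd, left


if __name__ == "__main__":
    for mss in (43, 42):
        acks, fwd, left = run(mss)
        print(mss, acks, [(s.seq, len(s.payload)) for s in fwd], left)
```

Note that the sender sees ACKs 1030, 1060 and 1082 for its three 30/30/22-byte segments even though nothing is forwarded until the third one arrives; that is the proxy acknowledging on the receiver's behalf. The receiver, in turn, sees sequence numbers that end 4 bytes later than the sender's, which is the drift a real vTCP must keep correcting in both directions for the rest of the flow.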