Skip to main content



Performance and slowdown issues caused by Large Send Offload

This section provides the needed information in order to fix the slowdown issue is LSO is enabled IPv4 large send offload.

Bitdefender Firewall was designed to offer the best protection for your network / Internet connections, without you having to configure it. No matter if you are connected directly to the Internet, to a single network or to several networks (Ethernet, wireless, VPN or other network type), either trusted or untrusted, the firewall will self-configure in order to adapt to the corresponding situation.

By default, Bitdefender automatically detects the network configurations on your computer and it creates an appropriate basic firewall profile. It also adds detected networks to the profile as trusted or untrusted network zones, depending on their configuration.

In some cases, you might experience the following issues:

  1. Logon failure: unknown user name or bad password;

  2. When running a "gpresult" , you may receive the following message: "INFO: the user does not have RSOP data";

  3. When logon the system remotely using RDC, you may receive this message: "Because of an error in data encryption, this session will end";

  4. Other computers are accessing to computer very slow;

  5. The download from a network share resource is very slow.

Because this issues might reside at Network Driver Interface Specification level (NDIS), we strongly recommend you to disable the option called "IPv4 large send offload" from your network card.

In order to change this behavior, you will need to :

  1. Click on Start and select run;

  2. Write "ncpa.cpl" without "";

  3. Once the Network Connections window is opened, right click on your Local Area Network connection, and choose Properties;

  4. Press on "Configure" and navigate to the "Advance" tab, once the network card properties is opened;

  5. Disable the option called "IPv4 large send offload";

  6. Press OK and exit;


According to Microsoft Technet, "The Network Driver Interface Specification (NDIS) is a specification for network driver architecture that allows transport protocols such as TCP/IP, Native ATM, IPX, and NetBEUI to communicate with an underlying network adapter or other hardware device. The network adapter can then send or receive data over the network. NDIS permits the high-level protocol components to be independent of the network adapter by providing a standard interface to the network protocols. Because Windows 2000 network architecture supports NDIS, it requires that network adapter drivers be written to the NDIS specification (source: Microsoft Technet article);

According to Microsoft Technet, "during initialization or when an interface appears as a Plug and Play event, the TCP/IP driver will query the miniport through the NdisRequest() mechanism with an object ID (OID) of OID_TCP_TASK_OFFLOAD in order to find out which offload capabilities the network adapter supports.

For each task the network adapter can offload, it will return an NDIS_TASK_OFFLOAD structure that contains an indication of the task supported and parameters specific to that task. The protocol then enables the appropriate tasks by submitting a set request containing the NDIS_TASK_OFFLOAD structures for those tasks. At this point, these tasks are enabled for offload. The network adapter will receive information specific to the task on a per-packet basis, along with each packet (source: Microsoft Technet article).

Troubleshooting Bitdefender Firewall blocking network printer

This section provides the steps needed to troubleshoot BEST Firewall module blocking communication with network printers.

To resolve these issues, you need to activate Network Discovery, allow Network Printing and add the details of your wireless network:

  1. Log in to GravityZone Control Center.

  2. Go to Policies and select the the policy applied to the affected endpoint(s).

  3. Go to Firewall > Settings.

  4. In the Adapters section, under the Network Discovery column, set all adapters to Yes.

  5. Click Save.

  6. Go to Firewall > Rules.

  7. Set the Network Printing rule to Allow under the Permission column.

  8. Click Save.

  9. If you are using a wireless network to connect to the printer please add the Internal network as Home/Office.

    1. Go to Firewall > Settings

    2. Under the Networks section, add your wireless network details:

      • Name - a custom name to better identify it in the list

      • Network/Profile - select Home/Office

      • Identification - select Network

      • IP - insert the IP and the mask that better describes your network addressing scheme.


        For example, if your network addresses start from and end at, type in

    3. Click the Add button