Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
dakeil
Explorer

Fragmentation issue on 750 Appliance in Checkpoint Mobil Client

Hi there,

is there a possibility to change some options concerning fragmentation and MSS-clamping on the 750 Appliance?

I see a lot of fragmented packets incoming on the Office-Mode-Clients resulting in a very bad performance for the clients. The clients use the Checkpoint Mobile Client to the 750 Appliance.

I have tried so far to set the MTU on the WAN and LAN-Interface to what I have figured out by using ping with don't fragment (1460Bytes). I also disabled the max-ping-IPS setting (1000Bytes) in the Checkpoint. I also set the MTU on client (Checkpoint Mobile) and server (behind 750 Appliance) to 1350Bytes. I also tried to trim the Windows-Server (Server2019) and Windows-Client (Windows10) to use the minimum MTU of 576 Bytes to avoid a "too big MTU). I still continuously see the fragments (TCP segment of reassembled PDU) in wireshark on the client with always a length of (MTU - 40Bytes).

Any ideas? Thank you in advance.

Daniel

 

0 Kudos
2 Replies
Chris_Atkinson
Employee Employee
Employee

Some related parameters are outlined in sk121114.

CCSM R77/R80/ELITE
0 Kudos
the_rock
Legend
Legend

SK Chris gave is good reference. Keep in mind, if this is locally managed appliance, you can really only change things for MTU in gui or cli, but if its centrally managed, there are some settings that could be modified for MSS in Guidbedit database tool.

Otherwise, I would say, for locally managed, do the backup and follow the steps in the article.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events