AnsweredAssumed Answered

MSS Clamping in 80.10

Question asked by Kevin Werner on Jan 29, 2019
Latest reply on Jan 29, 2019 by Maarten Sjouw

I am looking at clamping the mss value of packets going through my firewalls.  I am running an environment of all 80.10 gateways supported by an 80.10 management server.  

 

When investigating this situation, this sk clearly lays out the steps for enabling clamping such that it will survive a reboot: Issues requiring adjustment of the Maximum Segment Size (MSS) of TCP SYN and TCP SYN-ACK packets on Security Gateway 

 

I am wondering what I need to do in order to specify the mss value after clamping is enabled.  Older documentation (TCP MSS Adjustment ) suggests supplying a "fw ctl set int fw_tcp_mss_value 1360" argument if i want to set my mss value to 1360.  This sk is from R76 and doesn't specify what needs to be done in order for that to survive a reboot.

 

Do I want to add a line in the fwkern.conf file saying "fw_tcp_mss_value=1360" and/or are there any global properties I need to change to specify an mss value?

 

Thanks

Outcomes