MTU and MSS Clamping on gateways in Azure

We have some CloudGuard gateways running in Azure, and some Asian sites have issues reaching them... or the other way around.

We can ping from appliances such as 730 models to servers in the encryption domain of the vSEC gateways but not the other way around. And then suddenly it works, and then not anymore. We tried permanent tunnels but it doesn't seem to help much.


I'm starting to look at MTU and MSS Clamping issues but I wonder how you can detect the need for them.

We sometimes see drops because of "SYN retransmit with different window scale" being logged.


Some sites are DAIP sites, some others have fixed IPs, but most lines seem to be of poor quality. Should we set those variables both on the 730 models and on the R80.10 CloudGuard gateway in Azure?


What are your experiences here?


