Open Frames Download Complete PDF Send Feedback Print This Page

Previous

Next

TCP MSS Adjustment

Description

TCP MSS Adjustment allows MSS (Maximum Segment Size) clamping of TCP traffic.

This enables the configuration of the MSS that is part of the OPTIONS in the TCP header.

This feature provides a method to prevent fragmentation when the MTU value on the communication path is lower than the MSS value.

Syntax

fw ctl set int <fw_clamp_tcp_mss|fw_tcp_mss_value> <num>

Parameters

Parameter

Description

 

fw_clamp_tcp_mss <num>

  • Enable or Disable MSS Adjustment:
  • 0, Disable (default)
  • 1, Enable
 

fw_tcp_mss_value <num>

  • Set the MSS value. If value is set to 0, the MSS value is taken from the interface MTU

 

Note: In order for the modified parameters, including state (ON/OFF), to survive reboot - add them to the $FWDIR/boot/modules/fwkern.conf file using g_update_conf_file utility from Expert shell.

Verification

Monitoring can be done using Packet Sniffers to verify that indeed MSS is clamped when the feature is enabled according to configuration.

Note: MSS value is applied on all interfaces, including Management

Debug

  1. Enable SIM debug using the command: sim dbg -m pkt + pkt
  2. Start fw debugging using the command: fw ctl zdebug + packet
  3. Look for prints that contain the string MSS

 

 
Top of Page ©2014 Check Point Software Technologies Ltd. All rights reserved. Download Complete PDF Send Feedback Print