[ScreenOS] What is the firewall default setting for TCP-MSS?

  [KB4586]


Summary:

This article lists the TCP maximum segment size (TCP MSS) default settings.

Symptoms:
Environment:
  • set flow tcp-mss
  • set flow all-tcp-mss PPPoE
Cause:

Solution:

For NS-5GT, SSG-5, and SSG-20 devices, the command set flow tcp-mss is enabled by default with a value of 1350.
On all other Juniper firewall devices, the command set flow tcp-mss is disabled by default; that is, it is not set in the default configuration.

Enter the command get flow | inc mss to see the current values. For example, look for the following fields:

flow change tcp mss option for all packets is not set
flow change tcp mss option for vpn packets = 1350

Enter the command get config | inc mss to see the configured settings.

For more information on the difference between the two MSS options, refer to KB6346 - What does set flow all-tcp-mss and set flow tcp-mss do.

Note: If PPPoE is enabled and bound to an interface, the command set flow all-tcp-mss 1304 will be added if no set flow all-tcp-mss command was previously configured.
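
The following Python sketch is an added example, not part of the original article or any Juniper tooling. It parses saved get flow | inc mss output and reports where a device differs from the defaults listed above. The function names, the SSG-140 platform used in the test, and the "= N" form of the all-packets line (assumed to mirror the vpn line shown above) are assumptions.

```python
import re

# Defaults as stated in this article.
VPN_MSS_DEFAULT_PLATFORMS = {"NS-5GT", "SSG-5", "SSG-20"}
VPN_MSS_DEFAULT = 1350   # set flow tcp-mss on the platforms above
PPPOE_ALL_MSS = 1304     # set flow all-tcp-mss added when PPPoE is bound

# Matches both forms shown in the article: "... is not set" and "... = 1350".
# Assumption: the all-packets and vpn-packets lines share these two forms.
_MSS_LINE = re.compile(
    r"flow change tcp mss option for (all|vpn) packets\s+"
    r"(?:is not set|=\s*(\d+))",
    re.IGNORECASE,
)

# Sample output taken from the two lines shown in this article.
SAMPLE = """\
flow change tcp mss option for all packets is not set
flow change tcp mss option for vpn packets = 1350
"""

def parse_flow_mss(output):
    """Return {'all': int or None, 'vpn': int or None}; None means not set."""
    found = {}
    for m in _MSS_LINE.finditer(output):
        found[m.group(1).lower()] = int(m.group(2)) if m.group(2) else None
    missing = {"all", "vpn"} - found.keys()
    if missing:
        raise ValueError(f"no MSS line found for: {sorted(missing)}")
    return found

def expected_defaults(platform, pppoe_bound=False):
    """Default values for a platform, per the article's Solution and Note."""
    on_by_default = platform.upper() in VPN_MSS_DEFAULT_PLATFORMS
    return {
        "vpn": VPN_MSS_DEFAULT if on_by_default else None,
        # Only added by the device if no all-tcp-mss was configured before.
        "all": PPPOE_ALL_MSS if pppoe_bound else None,
    }

def diff_from_default(platform, output, pppoe_bound=False):
    """Return {option: (expected, actual)} for every non-default value."""
    actual = parse_flow_mss(output)
    expected = expected_defaults(platform, pppoe_bound)
    return {k: (expected[k], actual[k]) for k in actual if actual[k] != expected[k]}

if __name__ == "__main__":
    for model in ("SSG-5", "SSG-140"):
        print(model, diff_from_default(model, SAMPLE) or "matches defaults")
```
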

