Support Support Downloads Knowledge Base Juniper Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] What is the firewall default setting for TCP-MSS?



Article ID: KB4586 KB Last Updated: 21 Dec 2017Version: 8.0

This article lists the TCP maximum segment size (TCP MSS) default settings.

  • set flow tcp-mss
  • set flow all-tcp-mss PPPoE

For NS-5GT, SSG-5, and SSG-20 devices, the command set flow tcp-mss is enabled by default to 1350. 

On all other Juniper firewall devices, the command set flow tcp-mss is disabled; meaning, it is not set by default in the configuration.

Enter the command get flow | inc mss to see the current values.   For example, look for the following fields:

flow change tcp mss option for all packets is not set
flow change tcp mss option for vpn packets = 1350

Enter the command  get config | inc mss to see the configured settings.

For more information on the difference between the two MSS options, refer to KB6346 - What does set flow all-tcp-mss and set flow tcp-mss do.

Note:  If PPPoE is enabled and bound to an interface, the command set flow all-tcp-mss 1304 will be added if there was no previous set flow all-tcp-mss command configured.

Modification History:
2017-12-07: Article reviewed for accuracy. No changes made. Article is correct and complete.

Related Links

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search