Tcp Level Settings - D-Link NetDefend DFL-210 User Manual

Network security firewall ver. 1.05
Hide thumbs Also See for NetDefend DFL-210:
Table of Contents

Advertisement

13.2. TCP Level Settings

13.2. TCP Level Settings
TCPOptionSizes
Verifies the size of TCP options. This function acts in the same way as IPOptionSizes described
above.
Default: ValidateLogBad
TCPMSSMin
Determines the minimum permissible size of the TCP MSS. Packets containing maximum segment
sizes below this limit are handled according to the next setting.
Default: 100 bytes
TCPMSSOnLow
Determines the action taken on packets whose TCP MSS option falls below the stipulated
TCPMSSMin value. Values that are too low could cause problems in poorly written TCP stacks.
Default: DropLog
TCPMSSMax
Determines the maximum permissible TCP MSS size. Packets containing maximum segment sizes
exceeding this limit are handled according to the next setting.
Default: 1460 bytes
TCPMSSVPNMax
As is the case with TCPMSSMax, this is the highest Maximum Segment Size allowed. However,
this settings only controls MSS in VPN connections. This way, NetDefendOS can reduce the effect-
ive segment size used by TCP in all VPN connections. This reduces TCP fragmentation in the VPN
connection even if hosts do not know how to perform MTU discovery.
Default: 1400 bytes
TCPMSSOnHigh
Determines the action taken on packets whose TCP MSS option exceeds the stipulated TCPMSS-
Max value. Values that are too high could cause problems in poorly written TCP stacks or give rise
to large quantities of fragmented packets, which will adversely affect performance.
Default: Adjust
TCPMSSAutoClamping
Automatically clamp TCP MSS according to MTU of involved intafaces, in addition to TCPMSS-
Max.
Default: Enabled
TCPMSSLogLevel
Determines when to log regarding too high TCP MSS, if not logged by TCPMSSOnHigh.
245
Chapter 13. Advanced Settings

Advertisement

Table of Contents
loading

Table of Contents