Watchguard V10 User Manual page 242

CHAPTER 8: About Security Policies
This feature works in conjunction with the MTU
settings, but on a per-policy basis, to limit the size of
packets, if configured. This feature overcomes the
following problems:
• Oversized packets can result in fragmentation,
degrading VPN performance.
• Proxies may require MSS adjustment to prevent
fragmentation.
• Some older systems do not support MTU to regulate
packet size. This feature works along with MTU; it
does not replace MTU.
The following settings are available:
Auto Adjustment
- Determining the lesser value of the input port
- Subtracting packet overhead, including IP and
- The result is then rounded down to the next
Limit to N Bytes (40-1460)
No Adjustment
7 When you have finished, click Done.
210
Auto adjustment calculates the MSS automatically,
using the following calculations:
MTU and the output port MTU.
TCP addressing, VLAN, ESP, PPPoE, AH, and
UDP encapsulation.
lower multiple of 8 bits (8-bit aligned) to
determine the size in bytes that is required for
packet transmission.
The results of this calculation are used as the MSS
for the connection.
This limits MSS to the specified size in bytes.
This specifies that no change be made to the TCP
header. In this case, fragmentation can happen.
Vcontroller