Juniper SRX and FortiGate will ignore any value outside the range of the MTU. One cool point about the Forcepoint NGFW: it will honor any tcp.mss value, even down to 1 byte. Other vendors will disregard settings that low. FortiOS defaults to 48 bytes regardless of what value you set for tcp-sender if it falls below 48 bytes. I believe this is because the internet RFC has a minimum size value for TCP:
IP+TCP.HDR+PAYLOAD
So if you set tcp mss values out of range for the Ethernet segment for the firewall, be aware that the Forcepoint NGFW can drop these packets with no warning.
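To spot such values in a capture, the following added example (not from the original post or any vendor's code) pulls the MSS option out of a raw IPv4 SYN and flags values outside the range for the segment. The 1500-byte MTU, option-free 20-byte IP and TCP headers, the 48-byte floor borrowed from the FortiOS behaviour described above, and the constructed sample SYN from `build_syn` are all assumptions.

```python
import struct

IP_HDR = 20   # assumed: IPv4 header without options
TCP_HDR = 20  # assumed: TCP header without options

def build_syn(mss):
    """Constructed sample input: IPv4+TCP SYN with one MSS option (checksums left 0)."""
    opts = struct.pack("!BBH", 2, 4, mss)                 # kind=2 (MSS), length=4
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                      6 << 4, 0x02, 65535, 0, 0) + opts   # data offset 6 words, SYN flag
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, IP_HDR + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return ip + tcp

def syn_mss(pkt):
    """Return the MSS option of a TCP SYN in a raw IPv4 packet, or None."""
    if len(pkt) < IP_HDR or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                       # not IPv4/TCP
    ihl = (pkt[0] & 0x0F) * 4
    tcp = pkt[ihl:]
    if len(tcp) < TCP_HDR or not tcp[13] & 0x02:
        return None                       # truncated, or not a SYN
    end = min((tcp[12] >> 4) * 4, len(tcp))
    i = TCP_HDR
    while i < end:
        kind = tcp[i]
        if kind == 0:                     # end of option list
            break
        if kind == 1:                     # NOP is a single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            break                         # malformed option length, stop parsing
        if kind == 2 and tcp[i + 1] == 4:
            return struct.unpack("!H", tcp[i + 2:i + 4])[0]
        i += tcp[i + 1]
    return None

def classify(mss, mtu=1500, floor=48):
    """Compare an MSS with IP+TCP.HDR+PAYLOAD for the MTU; floor is per platform."""
    if mss is None:
        return "no-mss"
    if mss > mtu - IP_HDR - TCP_HDR:
        return "above-mtu-range"
    if mss < floor:
        return "below-floor"
    return "ok"
```

Feed `syn_mss` the raw IP bytes of SYN packets captured on either side of the firewall and compare the classifications to see whether the device clamped, ignored, or passed the configured value.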
NSE (network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \