Technical Note: How to avoid MSS mismatch

FortiGate

FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.

Article Id 192900

Description

In order to solve MSS (Maximum Segment Size) mismatch, the size of the MSS can be changed on the policies of the FortiGate.

Solution

Based on the previous diagram:

1. If the issue occurs when a user on internal tries to visit a site on “web server”

2. On policy from “internal” to “internet”

configure firewall policy
edit x
set tcp-mss-sender 1300
end

3. Clear all sessions with these IP addresses.

2595

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Terms of Service
Privacy Policy
GDPR
Cookie Settings

Technical Note: How to avoid MSS mismatch

You are leaving our website