Managing packet fragmentation

The Path MTU Discovery value and fragment size can be defined in the advanced settings via the Configuration > VPN topologies menu. This feature is supported on SNS firewalls from versions 3.11.7 to 4.0.0.

Parameter

Description

Path MTU
Discovery

Select a value from the drop-down list.

Disabled: This option is disabled by default.
Always add DF bit:

Stealth mode must be disabled on the relevant firewalls by using a CLI command so that this option can be selected.
Keep DF bit:

If the encrypted packet initially had the DF bit, it will be kept.

Fragment size

Set the maximum size of IKE fragments in bytes.

Default value: 1280 bytes

Minimum value: 512 bytes

For further information on the corresponding Serverd commands that will be updated on the relevant SNS firewalls, refer to the section IPsec config update in the CLI / SSH Commands Reference Guide.