Managing packet fragmentation

The Path MTU Discovery value and fragment size can be defined in the advanced settings via the Configuration > VPN topologies menu. This feature is supported on SNS firewalls from versions 3.11.7 to 4.0.0.

Parameter Description

Path MTU

Select a value from the drop-down list.

  • Disabled: This option is disabled by default.

  • Always add DF bit:

    Stealth mode must be disabled on the relevant firewalls by using a CLI command so that this option can be selected.

  • Keep DF bit:

    If the encrypted packet initially had the DF bit, it will be kept.

Fragment size

Set the maximum size of IKE fragments in bytes.

Default value: 1280 bytes

Minimum value: 512 bytes

For further information on the corresponding Serverd commands that will be updated on the relevant SNS firewalls, refer to the section IPsec config update in the CLI / SSH Commands Reference Guide.