Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

  • tcp-mss (Security Flow)
  • syn-flood-protection-mode

initial-tcp-mss

Syntax

intial-tcp-mss mss-value;

Hierarchy Level

[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit tcp-options]

Release Information

Statement introduced in Junos OS Release 12.3X48-D20.

Description

Configure the TCP maximum segment size (MSS) for packets that arrive at the ingress interface (initial direction), match a specific policy, and for which a session is created. The value you configure overrides the TCP MSS value in the incoming packet when the value in the packet is higher than the one you specify.

The initial-tcp-mss value per policy takes precedence over a global tcp-mss value (all-tcp, ipsec-vpn, gre-in, gre-out), if one is configured. However, when the syn-flood-protection-mode syn-proxy statement at the [edit security flow] hierarchy level is used to enable SYN proxy defenses against SYN attacks, the TCP MSS value is not overriden.

Because each policy has two directions, you can configure a value for both directions or for just one direction. To configure a TCP MSS value for the reverse session, use the reverse-tcp-mss option.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation

  • tcp-mss (Security Flow)
  • syn-flood-protection-mode

Modified: 2016-05-01