TechLibrary

Navigation Back up to About Overview

ContentIndex

[+] Expand All

[-] Collapse All

Junos OS Release 12.3X48 Feature Guide
- New Features in Junos OS Release 12.3X48-D30
  - Integrated ClearPass Authentication and Enforcement
    - Understanding SRX Series Integrated ClearPass Authentication and Its Component Functions
      - Understanding the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        Why You Need to Protect Your Environment With the SRX Series Integrated ClearPass Authentication and Enforcement Feature
        How the SRX Series Integrated ClearPass Authentication and Enforcement Feature Can Protect Your Network Environment
      - SRX Series Supported Platforms for the Integrated ClearPass Authentication and Enforcement Feature
      - Understanding How ClearPass Initiates a Session and Communicates User Authentication Information to the SRX Series Device Using the Web API
        Web API
        ClearPass Authentication Table
        Using HTTPS or HTTP for the Connection Protocol Between ClearPass and the SRX Series Device
        Ensuring the Integrity of Data Sent from ClearPass to the SRX Series Device
        Data Size Restrictions and Other Constraints
        Posture States and the Posture Group
      - Understanding Enforcement of ClearPass User and Group Authentication on the SRX Series Devices
        Understanding How the SRX Series Device Manages the ClearPass Authentication Table
        User Authentication Entries in the ClearPass Authentication Table
        Communication Between ClearPass and the SRX Series Device
        Understanding Domains and Interested Groups
        When a User Has Already Been Authenticated By Another Source
      - Understanding the Integrated ClearPass Authentication and Enforcement User Query Function
      - Understanding How the Integrated ClearPass Feature Detects Threats and Attacks and Notifies the CPPM
      - SRX Series Threat and Attack Logs Sent to Aruba ClearPass
    - Integrated ClearPass Authentication and Enforcement Examples
    - Integrated ClearPass Authentication and Enforcement CLI Configuration Statements
    - Integrated ClearPass Authentication and Enforcement CLI Operational Commands
- New Features in Junos OS Release 12.3X48-D20
- New Features in Junos OS Release 12.3X48-D15
- Requesting Technical Support
- Revision History

No index entries found.

Download This Guide

Download this guide: Junos OS Release 12.3X48 Feature Guide

initial-tcp-mss

Syntax

intial-tcp-mss mss-value;

Hierarchy Level

[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit tcp-options]

Release Information

Statement introduced in Junos OS Release 12.3X48-D20.

Description

Configure the TCP maximum segment size (MSS) for packets that arrive at the ingress interface (initial direction), match a specific policy, and for which a session is created. The value you configure overrides the TCP MSS value in the incoming packet when the value in the packet is higher than the one you specify.

The initial-tcp-mss value per policy takes precedence over a global tcp-mss value (all-tcp, ipsec-vpn, gre-in, gre-out), if one is configured. However, when the syn-flood-protection-mode syn-proxy statement at the [edit security flow] hierarchy level is used to enable SYN proxy defenses against SYN attacks, the TCP MSS value is not overriden.

Because each policy has two directions, you can configure a value for both directions or for just one direction. To configure a TCP MSS value for the reverse session, use the reverse-tcp-mss option.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.