Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
ContentIndex
  
[+] Expand All
[-] Collapse All

No index entries found.

Related Documentation

  • tcp-mss (Security Flow)
  • syn-flood-protection-mode

reverse-tcp-mss

Syntax

reverse-tcp-mss mss-value;

Hierarchy Level

[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit tcp-options]

Release Information

Statement introduced in Junos OS Release 12.3X48-D20.

Description

Configure the TCP maximum segment size (MSS) for packets that match a specific policy and travel in the reverse direction of a session. The value you configure replaces the TCP MSS value when the value in the packet is higher than the one you specify.

The reverse-tcp-mss value per policy takes precedence over a global tcp-mss value (all-tcp, ipsec-vpn, gre-in, gre-out), if one is configured. However, when the syn-flood-protection-mode syn-proxy statement at the [edit security flow] hierarchy level is used to enable SYN proxy defenses against SYN attacks, the TCP MSS value is not overridden.

Because each policy has two directions, you can configure a value for both directions or for just one direction. To configure the TCP MSS value for the initial session, use the initial-tcp-mss option.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Related Documentation

  • tcp-mss (Security Flow)
  • syn-flood-protection-mode

Modified: 2016-05-01