https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216752#M62759 <P>hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>,</P><P>&nbsp;</P><P>firstly thanks for your advice.&nbsp;</P><P>does changing tcp mss payload&nbsp;amount affect to other running thing? And also which amount I should adjust? default amount is 40 as I know.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Jun 2018 22:22:01 GMT Retired Member 2018-06-05T22:22:01Z https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216620#M62735 <P>Hi All,</P><P>&nbsp;</P><P>I have an issue about sip/rtp traffic. Endpoints are using a calling application that used sip protocol . We have also enabled fragment feature in zone protection setting.I investigate this issue and when endpoint make calling, zone protection drops rtp packets because they are fragmented.</P><P>Could you inform me is there another solution advice without disabling fragment feature?</P><P>&nbsp;</P><P>Thanks for ur interested</P> Tue, 05 Jun 2018 09:29:36 GMT https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216620#M62735 Retired Member 2018-06-05T09:29:36Z https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216648#M62737 <P>hi @Retired Member</P> <P>&nbsp;</P> <P>you could investigate why there is fragemting: you may need to change the MTU and/or enable and tweak TCP MSS on the interfaces to decrease the paymload and prevent fragmentation</P> Tue, 05 Jun 2018 13:45:04 GMT https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216648#M62737 reaper 2018-06-05T13:45:04Z https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216752#M62759 <P>hi <a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/7608">@reaper</a>,</P><P>&nbsp;</P><P>firstly thanks for your advice.&nbsp;</P><P>does changing tcp mss payload&nbsp;amount affect to other running thing? And also which amount I should adjust? default amount is 40 as I know.</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 05 Jun 2018 22:22:01 GMT https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216752#M62759 Retired Member 2018-06-05T22:22:01Z https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216789#M62762 <P>adjustiing the TCP MSS will impact all traffic (that uses mss in it's header)</P> <P>&nbsp;</P> <P>there are several tools you could give a try to measure the path MTU to determine the lowest MTU along the path, and then use the mss adjust to lower the mss to match the mtu with the most optimal setting (or give the default a trry)</P> Wed, 06 Jun 2018 07:00:43 GMT https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216789#M62762 reaper 2018-06-06T07:00:43Z https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216841#M62770 <P>Further to reapers suggestions. You could create subinterface on the firewall with a different zone and zone protection profile attached?</P> Wed, 06 Jun 2018 13:27:43 GMT https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216841#M62770 LukeBullimore 2018-06-06T13:27:43Z https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216996#M62802 <P>Hi all,</P><P>&nbsp;</P><P>As recent informs, dropping calling is not because of RTP packets. Amount of last sip communication packet exceeds interface MTU size and therefore packet&nbsp;will be sent by fragment by dividing. In this stage we have to increase interface MTU size instead of decreaing <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span> But this time increasing MTU size will impact some processes. I'm trying to have communication packet decreased or create new zone for this traffic. I will let you keep posted soon <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Thu, 07 Jun 2018 14:11:25 GMT https://live.paloaltonetworks.com/t5/general-topics/rtp-fragment-packet-flowing-is-not-allowed-when-fragment-enabled/m-p/216996#M62802 Retired Member 2018-06-07T14:11:25Z