TCP MSS adjustments

Community Team Member

The Maximum Transmission Unit (MTU) specifies the largest amount of data that can be transmitted by a protocol in one TCP segment. The MTU size of an Ethernet interface is 1500 bytes by default. If you take out the 20 bytes for the IP header and the 20 bytes for the TCP header, you are left with 1460 bytes of payload that can be transmitted in one frame. This is what we refer to as the TCP MSS (Maximum Segment Size).


The larger the MTU, the less overhead you have, but the more you have to retransmit when there is a problem. A larger frame also means increased latency because of the time needed to transmit it. The smaller the MTU, the more overhead you have, but the less there is to retransmit if there is a problem. For the implementation of Ethernet, 1500 was picked as a compromise value.


That said, it might be useful to tweak its size to best fit your network.


Note that prior to PAN-OS 7.1, the option to adjust TCP MSS was configurable as a simple on/off setting, reducing the MSS value by 40 when enabled.  Starting from PAN-OS 7.1, this option is now configurable for IPv4 and IPv6 independently.

As seen in the illustration below:

[Figure: Adjust TCP MSS]
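What an MSS adjustment does to a SYN on the wire, as an added example (not PAN-OS code and not from the original post): the MSS option is rewritten down to a limit and the TCP checksum is patched to match. The function names, the sample header and the clamp rule (interface MTU minus the configured adjustment) are assumptions made for illustration.

```python
import struct
from typing import Optional, Tuple

EOL, NOP, MSS = 0, 1, 2  # TCP option kinds (RFC 9293)

def csum_update(hc: int, old: int, new: int) -> int:
    """Incremental checksum update, RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')."""
    s = (~hc & 0xFFFF) + (~old & 0xFFFF) + new
    s = (s & 0xFFFF) + (s >> 16)
    s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def clamp_mss(tcp: bytes, mtu: int, adjustment: int) -> Tuple[bytes, Optional[int]]:
    """Clamp a SYN's MSS to mtu - adjustment (assumed rule); return (header, MSS or None)."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    hdr_len = (tcp[12] >> 4) * 4
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad data offset")
    if not tcp[13] & 0x02:              # MSS is only negotiated on SYN / SYN-ACK
        return tcp, None
    limit, buf, i = mtu - adjustment, bytearray(tcp), 20
    while i < hdr_len and buf[i] != EOL:
        if buf[i] == NOP:               # single-byte padding option
            i += 1
            continue
        if i + 1 >= hdr_len or buf[i + 1] < 2 or i + buf[i + 1] > hdr_len:
            raise ValueError("malformed TCP option")
        if buf[i] == MSS and buf[i + 1] == 4:
            mss = struct.unpack_from("!H", buf, i + 2)[0]
            if mss > limit:
                # 16-bit aligned words covering the value (two if a NOP shifted it)
                words = range((i + 2) & ~1, i + 4, 2)
                old = [struct.unpack_from("!H", buf, w)[0] for w in words]
                struct.pack_into("!H", buf, i + 2, limit)
                csum = struct.unpack_from("!H", buf, 16)[0]
                for w, o in zip(words, old):
                    csum = csum_update(csum, o, struct.unpack_from("!H", buf, w)[0])
                struct.pack_into("!H", buf, 16, csum)
                mss = limit
            return bytes(buf), mss
        i += buf[i + 1]
    return bytes(buf), None

# Constructed sample SYN (50000 -> 443, MSS 1460); checksum covers the header only
SAMPLE_SYN = struct.pack("!HHIIBBHHH", 50000, 443, 1, 0, 0x60, 0x02, 65535,
                         0xD338, 0) + bytes.fromhex("020405b4")
```

With `mtu=1400, adjustment=40` the sample's advertised MSS drops from 1460 to 1360; with `mtu=1500` the header comes back unchanged.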




Below are some links offering more information on how to go about implementing this and some use-case examples!


That's it for me but feel free to leave a comment or ask questions in the comment section below!


-Kiwi out!

