Hello,
I was reading the topics regarding how to troubleshoot MTU problems, and I would like to ask for a direction about this.
I`m using a SSG140 to establish lan to lan VPN with customers (several vendors may be used from customer side).
There was an issue with an scp transfer that could not pass beyond 2112 kB, until the tunnel´s interface mtu was lowered from default 1500 to 1400. This solved the problem for the vpn that was using that tunnel interface.
The command “get sa stat” shows fragmentation for some sa. Should the configurations be set for this column be always zero?
I saw options like “set flow all-tcp-mss”, “set flow tcp-mss”, “set flow vpn-tcp-mss” but I´m in doubt about which to use and if it can affect the inbound traffic.
Is there a configuration that should be done globally in this scenario?
Bruno