Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] MTU & Fragmentation question

To: [email protected]
Subject: [FW1] MTU & Fragmentation question
From: Paul Keser <[email protected]>
Date: Fri, 17 Nov 2000 09:21:22 -0800
Sender: [email protected]

We have a customer sending a large volume of mail over an ISAKMP VPN.
They are only seeing 16kb/sec throughput.  Logs look good.  vmstat on
both FW's (running Solaris FW1 4.1 bld 41489) shows 50-70 % idle on more

loaded fw, 90% idle on other.

The only firewall related issue I could think of could be excessive
fragmentation due to encapsulation.  This raises 2 questions:

1.   How much under the minimum MTU in the route should I  set the
firewalls MTU to prevent this?

2.   What should I grep for when snooping to see if there are excessive
requests to fragment?

Any other suggestions to TS will be greatly appreciated!  I don't think
the problem lies in the FW's but it is hard to show since when they use
the existing F-R net they don't have the problem.

-PaulK



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] MTU & Fragmentation question
  - From: CryptoTech <[email protected]>

Prev by Date: RE: [FW1] basic security question- a little off topic
Next by Date: Re: [FW1] ctl event in log
Previous by thread: Re: [FW1] basic security question- a little off topic
Next by thread: Re: [FW1] MTU & Fragmentation question
Index(es):
- Date
- Thread