NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] MTU



The "ifconfig <interface> mtu <value>" command does work on IPSO, but
the information gets re-written by the Voyager configuration at
startup.  Nokia says to put it into the rc.local file to be persistent
across reboots, but I personally wouldn't do this.  However temporarily
changing it may help you troubleshoot.

"ifconfig" displays the mtu size as 1500, but Voyager displays it as
1514.  Both are right, it just depends upon what headers they count in
the frames.  If you are comparing the MTU size with what you are seeing
in sniff traces use what "ifconfig" tells you.

As for IPSO...  It does not support Path MTU (PMTU) However this
doesn't sound like your problem.

Why is the router MTU lowered from the default?  if you are messing
with this then you have to make sure you are letting ICMP type 3 code 4
packets from one end of the connection to the other.  Also make sure
the router interface isn't configured to not send these packets (you
should NOT have "no icmp unreachable" configured on the router
interface.

If you are still having more problems with this then provide more
information, is this bi-directional problem?  Is it just one router
with the lowered MTU? etc..

Mitchell

____________________________________________________
http://www.attackprevention.com
Information Security documents, articles, and policy

>   # ifconfig <interface> mtu <value>
>
> Are these Ethernet interfaces? The MTU is gonna be 1500.
>
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]]
> > Sent: Thursday, August 21, 2003 2:59 AM
> > To: [email protected]
> > Subject: Re: [FW-1] MTU
> >
> > Are you recieving ICMP messages as drop for this traffic at
Checkpoint ?
> > NG ? Which FP ?
> >
> > []'S
> >
> > ------------------------------------
> > Antonio Costa
> > Odebrecht Engenharia e Construcao
> > Infra-Estrutura de Rede e Seguranca
> > [email protected]
> > Tel.: +55-11-3443-9813
> > Fax.: +55-11-3443-9618
> >
> > ----- Original Message -----
> > From: "v.r" <[email protected]>
> > Date: Thursday, August 21, 2003 6:17 am
> > Subject: [FW-1] MTU
> >
> > > Hello,
> > >
> > > We have a site to Site VPN between our sites built
> > > bweteen CISCO VPN concentrators. Checkpoint firewall
> > > is transparently sitting between them.
> > >
> > > The users on one side are able to ping the server on
> > > the other end. And also able to open conncetions on
> > > the other end. But they are not able to get the
> > > webpages from the server.
> > >
> > > when we enquired, it has been found out that the mtu
> > > settings on the router is 1440.
> > >
> > > will there be any settings of MTU in checkpoint on
> > > NOKIA IPSO?
> > >
> > > and also is there any conflict of HTTP exists with MTU
> > > change?

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.