initial-tcp-mss
Syntax
initial-tcp-mss mss-value;
Hierarchy Level
[edit security policies from-zone zone-name to-zone zone-name policy policy-name then permit tcp-options]
Description
Configure the TCP maximum segment size (MSS) for packets that arrive at the ingress interface (initial direction), match a specific policy, and for which a session is created. The value you configure overrides the TCP MSS value in the incoming packet when the value in the packet is higher than the one you specify.
The initial-tcp-mss value per policy takes precedence over a global tcp-mss value (all-tcp, ipsec-vpn, gre-in, gre-out), if one is configured. However, when the syn-flood-protection-mode syn-proxy statement at the [edit security flow] hierarchy level is used to enable SYN proxy defenses against SYN attacks, the TCP MSS value is not overridden.
Because each policy has two directions, you can configure a value for both directions or for just one direction. To configure a TCP MSS value for the reverse session, use the reverse-tcp-mss option.
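The following configuration is an added example, not taken from the Juniper documentation. It sets a per-policy MSS for both directions alongside a global all-tcp value; the zone names, policy name, and MSS values are hypothetical.

```junos
# Added example. Zone names (trust, untrust), the policy name (allow-out)
# and the MSS values are hypothetical.

# Global value: applies to TCP sessions that match no per-policy MSS setting.
set security flow tcp-mss all-tcp mss 1400

# Policy match conditions.
set security policies from-zone trust to-zone untrust policy allow-out match source-address any
set security policies from-zone trust to-zone untrust policy allow-out match destination-address any
set security policies from-zone trust to-zone untrust policy allow-out match application any

# Initial direction: packets arriving at the ingress interface that match
# this policy. The MSS in the packet is replaced only when it is higher
# than 1360. For sessions matching this policy, this value takes precedence
# over the global all-tcp value above.
set security policies from-zone trust to-zone untrust policy allow-out then permit tcp-options initial-tcp-mss 1360

# Reverse direction of the same session. Omit this line to set the MSS
# for the initial direction only.
set security policies from-zone trust to-zone untrust policy allow-out then permit tcp-options reverse-tcp-mss 1360

# If syn-flood-protection-mode syn-proxy is configured at
# [edit security flow], the TCP MSS value is not overridden.
```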
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 12.3X48-D20.