What is the function of adjusting the TCP-MSS value?
You can set a proper TCP-MSS value to
prevent TCP packets from being fragmented on a USG9000. If the length of a TCP
packet exceeds the MTU value set on the USG9000, the packet is fragmented.
You are advised to set the TCP-MSS value to 1460 on a network that has a single VPN (IPSec, L2TP, or GRE) tunnel. If there are multiple VPN tunnels on the network, set the TCP-MSS value based on the network conditions.
The command is as follows:
[USG9000] firewall tcp-mss 1460