Why Can TCP Connections Be Established But Data Transmission Fails After the TCP Proxy Is Enabled on the Interface?
Generally, TCP packets cannot be fragmented. A TCP packet therefore must not be larger than the minimum MTU of the NE interfaces on the network, and the MSS option must be carried in the three-way handshake (that is, the interface of each NE must adjust the MSS value in the TCP option based on its MTU value); otherwise, transmission may fail.
When the TCP proxy is enabled on the interface, the MSS value is adjusted based on the value specified through the firewall tcp-mss INTEGER<100-1460> command, not on the MTU value of the interface. Therefore, if the MTU value of the interface is less than 1500, or if applications that require packet encapsulation (such as IPSec, L2TP, and GRE) are applied to the interface, run the firewall tcp-mss INTEGER<100-1460> command to adjust the MSS value of the TCP proxy.
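
The check described above can be run against a captured SYN. The following is an added example, not part of the original FAQ or the vendor's tooling: it parses the MSS option out of a raw TCP header and compares it with what the smallest MTU on the path allows. The function names, the constructed sample SYN, and the 24-byte overhead (basic GRE over IPv4, no optional fields) are assumptions for illustration; IPv4 and TCP headers are assumed to be 20 bytes each.

```python
import struct

IPV4_HDR = 20  # assumption: IPv4 header without options
TCP_HDR = 20   # fixed part of the TCP header

def parse_mss(tcp_header: bytes):
    """Return the MSS option value from a raw TCP header, or None if absent."""
    if len(tcp_header) < TCP_HDR:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4   # header length in bytes
    if data_offset < TCP_HDR or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[TCP_HDR:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == 2 and length == 4:   # MSS option: kind 2, length 4
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return None

def check_syn(tcp_header: bytes, min_path_mtu: int, encap_overhead: int = 0):
    """Return (verdict, advertised_mss, largest_mss_that_fits)."""
    limit = min_path_mtu - encap_overhead - IPV4_HDR - TCP_HDR
    mss = parse_mss(tcp_header)
    if mss is None:
        return ("no-mss-option", None, limit)
    return ("ok" if mss <= limit else "too-large", mss, limit)

def build_syn(mss: int) -> bytes:
    """Constructed sample SYN header (ports 40000 -> 443) carrying one MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, 0x02, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)

if __name__ == "__main__":
    print(check_syn(build_syn(1460), 1500, encap_overhead=24))
    print(check_syn(build_syn(1436), 1500, encap_overhead=24))
```

A "too-large" verdict on a SYN that has passed through the TCP proxy indicates that the value set with the firewall tcp-mss command is higher than the path can carry and needs to be lowered.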