HP VPN Firewall Appliances System Management and Maintenance Configuration Guide
[FirewallB-GigabitEthernet0/2] ip address 2.2.2.1 24
[FirewallB-GigabitEthernet0/2] quit
After the configurations, if you ping the subnet-directed broadcast address (2.2.2.255) on the host,
the ping packets can be received by the interface GigabitEthernet 0/2 of Firewall B. However, if
you cancel the ip forward-broadcast configuration on any firewall, the ping packets cannot be
received by the interface GigabitEthernet 0/2 of Firewall B.
Configuring TCP attributes
This section provides information about configuring TCP attributes.
Configuring TCP MSS for the interface
The Maximum Segment Size (MSS) option informs the receiver of the largest segment that the sender is willing
to accept. Each end announces the MSS it expects to receive during the TCP connection establishment.
The end that receives the MSS value from the other end then limits the size of each TCP segment to be
sent.
• If the size of a TCP segment is smaller than the MSS of the other end, the TCP segment is sent to the
other end without being fragmented.
• Otherwise, it is fragmented according to the MSS before being sent.
When you configure the TCP MSS of an interface, follow these guidelines:
• If you configure a TCP MSS on an interface, the size of each TCP segment received or sent on the
interface cannot exceed the MSS value.
• This configuration takes effect only for TCP connections that are established after the configuration
rather than the TCP connections that already exist.
To configure TCP MSS of the interface:
Step                                        Command                                    Remarks
1. Enter system view.                       system-view                                N/A
2. Enter interface view.                    interface interface-type interface-number  N/A
3. Configure the TCP MSS of the interface.  tcp mss value                              Optional. The TCP MSS is 1460 bytes by default.
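The MSS announcement described above can be checked offline against a captured SYN header. The following is an added example, not part of the HP guide or the firewall's code: it parses the MSS option from a TCP header and applies an interface tcp mss value as an upper bound. The function names and the sample header builder are hypothetical, and the 536-byte fallback is the RFC 1122 default for a SYN that carries no MSS option.

```python
import struct

TCP_OPT_EOL, TCP_OPT_NOP, TCP_OPT_MSS = 0, 1, 2
DEFAULT_PEER_MSS = 536  # RFC 1122 default when the SYN carries no MSS option


def parse_mss(tcp_header: bytes):
    """Return the MSS announced in a TCP header's options, or None if absent."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4      # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts = tcp_header[20:data_offset]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == TCP_OPT_EOL:                  # end of option list
            break
        if kind == TCP_OPT_NOP:                  # single-byte padding option
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option missing length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if kind == TCP_OPT_MSS:
            if length != 4:
                raise ValueError("MSS option must be 4 bytes")
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length                              # skip any other option
    return None


def effective_segment_size(peer_syn: bytes, interface_mss: int = 1460) -> int:
    """Assumed model: peer's announced MSS capped by the interface tcp mss value."""
    announced = parse_mss(peer_syn)
    if announced is None:
        announced = DEFAULT_PEER_MSS
    return min(announced, interface_mss)


def build_syn(options: bytes) -> bytes:
    """Constructed sample SYN header (ports and sequence number are arbitrary)."""
    options += b"\x00" * (-len(options) % 4)     # pad options to a 32-bit boundary
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x002   # data offset + SYN
    return struct.pack("!HHIIHHHH", 40000, 443, 1, 0, offset_flags, 65535, 0, 0) + options
```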
Configuring TCP path MTU discovery
CAUTION:
All devices on the TCP path must be enabled to send ICMP error messages by using the ip unreachables
enable command.
TCP path MTU discovery (in RFC 1191) discovers the path MTU between the source and destination ends
of a TCP connection. It works as follows:
1. A TCP source device sends a packet with the Don't Fragment (DF) bit set.