Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Packet Size Handling

When communication between Web Gateway on an appliance and its clients requires that the size of data packets is handled in a flexible manner, only the explicit proxy mode can be configured as usual. Other modes require an additional configuration effort in this case.

The size of data packets is measured by the MTU (Maximum Transmission Unit) parameter, which limits the number of bytes that can be sent in one packet.

The method of negotiating the value for this parameter between communication partners is known as Path MTU Discovery. It is not available for the Transparent Bridge mode.

For example, when Web Gateway sends a data packet to a client that it connects to through a VPN (Virtual Private Network) tunnel, the MTU that the VPN tunnel can handle might be 1412, whereas the MTU of the data packets is 1500.

The VPN gateway then sends a message under the ICMP protocol to inform its partner about the required size, but this message cannot be processed unless the configured network mode is the explicit proxy mode.

To solve this problem for the other modes, reduce the MTU parameter value for the network interface on Web Gateway that is used for the communication, in this case, for communication with clients behind a VPN tunnel.

Set the parameter to the value that is required, for example, to 1412.

The MTU parameter is configured on the user interface as part of the Network Interfaces settings for the IPv4 or IP6 protocol, which can be accessed under Configuration | Appliances.

  • Was this article helpful?