[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[fw1-wizards] MTU & Fragmentation question

Subject: [fw1-wizards] MTU & Fragmentation question
From: Paul Keser <paul@xxxxxxxxx>
To: fw1-wizards@xxxxxxxxxxxx
Date: Fri, 17 Nov 2000 09:16:46 -0800

We have a customer sending a large volume of mail over an ISAKMP VPN.
They are only seeing 16kb/sec throughput.  Logs look good.  vmstat on
both FW's (running Solaris FW1 4.1 bld 41489) shows 50-70 % idle on more

loaded fw, 90% idle on other.

The only firewall related issue I could think of could be excessive
fragmentation due to encapsulation.  This raises 2 questions:

1.   How much under the minimum MTU in the route should I  set the
firewalls MTU to prevent this?

2.   What should I grep for when snooping to see if there are excessive
requests to fragment?

Any other suggestions to TS will be greatly appreciated!  I don't think
the problem lies in the FW's but it is hard to show since when they use
the existing F-R net they don't have the problem.

-PaulK





---------------------------------------------------------------------
This email came from the FireWall-1 Wizards Mailing List
To unsubscribe, e-mail: fw1-wizards-unsubscribe@xxxxxxxxxxxx
For more information, email: fw1-wizards-faq@xxxxxxxxxxxx

Prev by Date: RE: [fw1-wizards] cpmad
Next by Date: Re: [fw1-wizards] Policy install clears FTP transfers
Previous by thread: Re: [fw1-wizards] Solaris 2.7 firewall crash
Next by thread: [fw1-wizards] IKE Problems
Index(es):
- Date
- Thread