Note
This object type does not have an identifier and is identified by the name of the type
only. There can only be one instance of this type.
3.55.22. TCPSettings
Description
Settings related to the TCP protocol.
Properties
TCPOptionSizes
Validity of TCP header option sizes. (Default: ValidateLogBad)
TCPMSSMin
Minimum allowed TCP MSS (Maximum Segment Size). (Default:
100)
TCPMSSOnLow
How to handle too low MSS values. (Default: DropLog)
TCPMSSMax
Maximum allowed TCP MSS (Maximum Segment Size). (Default:
1460)
TCPMSSVPNMax
Limits TCP MSS for VPN connections; minimizes fragmentation.
(Default: 1400)
TCPMSSOnHigh
How to handle too high MSS values. (Default: Adjust)
TCPMSSLogLevel
When to log regarding too high TCP MSS, if not logged by "TCP
MSS on high". (Default: 7000)
TCPMSSAutoClamping
Automatically clamp TCP MSS according to MTU of involved inter-
faces - in addition to "TCP MSS max". (Default: Yes)
TCPZeroUnusedACK
Force unused ACK fields to zero; helps prevent connection spoofing.
(Default: Yes)
TCPZeroUnusedURG
Force unused URG fields to zero; prevents small information leak.
(Default: Yes)
TCPOPT_WSOPT
The WSOPT (Window Scale) option (common). (Default: Validate-
LogBad)
TCPOPT_SACK
The SACK/SACKPERMIT (Selective ACK) options (common).
(Default: ValidateLogBad)
TCPOPT_TSOPT
The TSOPT (Timestamp) option (common). (Default: ValidateLog-
Bad)
TCPOPT_ALTCHKREQ
The ALTCHKREQ (Alternate Checksum Request) option. (Default:
StripLog)
TCP-
OPT_ALTCHKDATA
The ALTCHKDATA (Alternate Checksum Data) option. (Default:
StripLog)
TCPOPT_CC
The CC (Connection Count) option series (semi common). (Default:
StripLogBad)
TCPOPT_OTHER
How to handle TCP options not specified above. (Default: StripLog)
3.55.22. TCPSettings
Chapter 3. Configuration Reference
202