%PIX-4-419001 – MSS exceeded

We have noticed in our daily log a few warning messages stating that the MSS was exceeded (and the packet dropped). The MSS (Maximum Segment Size) is the largest amount of data that a device can handle in a single piece, that is, without the data being broken into several pieces and transmitted individually. Dropping such packets is the default, expected behaviour of a Cisco PIX firewall. In our case, the defined MSS is 1380 bytes but the incoming packet was 1444. Depending on the firmware version, the firewall can be configured to accept packets with a larger MSS. We will probably configure this firewall to do this. Compared to the total number of messages there are very few “MSS exceeded” ones (approx. 0.005 %), so in practice they can be ignored.
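To check a share like the one quoted above against a log, and to see which peers send the oversized segments, this added example (not part of the original post) tallies 419001 drops. It assumes the message ends with "reason: MSS exceeded, MSS <size>, data <size>"; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumption: message 419001 ends "reason: MSS exceeded, MSS <n>, data <n>".
MSS_DROP = re.compile(
    r"%(?:PIX|ASA)-4-419001: Dropping TCP packet from "
    r"[^:\s]+:(?P<src>[^/\s]+)/\d+ to [^:\s]+:(?P<dst>[^/\s]+)/\d+, "
    r"reason: MSS exceeded, MSS (?P<mss>\d+), data (?P<data>\d+)"
)
ANY_MSG = re.compile(r"%(?:PIX|ASA)-\d-\d{6}:")

# Constructed sample log (documentation/private addresses), not real traffic.
SAMPLE_LOG = """\
Mar 01 10:00:01 fw %PIX-6-302013: Built outbound TCP connection 101 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.0.0.5/1025 (198.51.100.1/1025)
Mar 01 10:00:02 fw %PIX-4-419001: Dropping TCP packet from outside:192.0.2.10/80 to inside:10.0.0.5/1025, reason: MSS exceeded, MSS 1380, data 1444
Mar 01 10:00:03 fw %PIX-4-419001: Dropping TCP packet from outside:192.0.2.10/80 to inside:10.0.0.5/1025, reason: MSS exceeded, MSS 1380, data 1460
Mar 01 10:00:04 fw %PIX-6-302014: Teardown TCP connection 101 for outside:192.0.2.10/80 to inside:10.0.0.5/1025 duration 0:00:03 bytes 5120 TCP FINs
Mar 01 10:00:05 fw %PIX-4-419001: Dropping TCP packet from outside:192.0.2.77/443 to inside:10.0.0.9/2040, reason: MSS exceeded, MSS 1380, data 1444
"""

def summarize(lines):
    """Count MSS drops, their share of all messages, and who triggers them."""
    total, unparsed = 0, 0
    by_source, overshoots = Counter(), []
    for line in lines:
        if not ANY_MSG.search(line):
            continue  # not a firewall syslog message
        total += 1
        m = MSS_DROP.search(line)
        if m:
            by_source[m["src"]] += 1
            overshoots.append(int(m["data"]) - int(m["mss"]))
        elif "-4-419001:" in line:
            unparsed += 1  # layout differs from the assumed one; inspect by hand
    drops = len(overshoots)
    return {
        "total": total,
        "drops": drops,
        "unparsed": unparsed,
        "share_percent": 100.0 * drops / total if total else 0.0,
        "by_source": by_source,
        "max_overshoot": max(overshoots, default=0),  # bytes above the MSS
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG.splitlines()))
```

A few sources accounting for most of the drops point at specific peers ignoring the advertised MSS, which is worth knowing before relaxing the check for all traffic.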


