FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
cramirez
Staff
Staff
Article Id 192900
Description
In order to solve MSS (Maximum Segment Size) mismatch, the size of the MSS can be changed on the policies of the FortiGate.

Solution
cramirez_FD38560_tn_FD38560-1.jpg

Based on the previous diagram:

1. If the issue occurs when a user on internal tries to visit a site on “web server”

2. On policy from “internal” to “internet”
configure firewall policy
edit x
set tcp-mss-sender 1300
end

3. Clear all sessions with these IP addresses.

Contributors