fir3net

How do I configure PMTU on a Juniper SRX series gateway?

By default, IPv4 Path MTU discovery is enabled. All PMTU options can be found under [set system internet-options ....].

root@srx100# set system internet-options ?
Possible completions:
+ apply-groups         Groups from which to inherit configuration data
+ apply-groups-except  Don't inherit configuration data from these groups
  gre-path-mtu-discovery  Enable path MTU discovery for GRE tunnels
> icmpv4-rate-limit    Rate-limiting parameters for ICMPv4 messages
> icmpv6-rate-limit    Rate-limiting parameters for ICMPv6 messages
  ipip-path-mtu-discovery  Enable path MTU discovery for IP-IP tunnels
  ipv6-duplicate-addr-detection-transmits  IPv6 Duplicate address detection transmits
  ipv6-path-mtu-discovery  Enable IPv6 Path MTU discovery
  ipv6-path-mtu-discovery-timeout  IPv6 Path MTU Discovery timeout (5..71582788 minutes)
  ipv6-reject-zero-hop-limit  Enable dropping IPv6 packets with zero hop-limit
  no-gre-path-mtu-discovery  Don't enable path MTU discovery for GRE tunnels
  no-ipip-path-mtu-discovery  Don't enable path MTU discovery for IP-IP tunnels
  no-ipv6-path-mtu-discovery  Don't enable IPv6 Path MTU discovery
  no-ipv6-reject-zero-hop-limit  Don't enable dropping IPv6 packets with zero hop-limit
  no-path-mtu-discovery  Don't enable Path MTU discovery on TCP connections
  no-source-quench     Don't react to incoming ICMP Source Quench messages
  no-tcp-reset         Do not send RST TCP packet for packets sent to non-listening ports
  no-tcp-rfc1323       Disable RFC 1323 TCP extensions
  no-tcp-rfc1323-paws  Disable RFC 1323 Protection Against Wrapped Sequence Number extension
  path-mtu-discovery   Enable Path MTU discovery on TCP connections
> source-port          Source port selection parameters
  source-quench        React to incoming ICMP Source Quench messages
  tcp-drop-synfin-set  Drop TCP packets that have both SYN and FIN flags
[edit]
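
To check a saved configuration against the options listed above, the following Python script (an added example, not part of the original article or any Juniper tooling) reads text in the format produced by `show configuration | display set` and reports the state of each PMTU toggle, plus an IPv6 timeout outside the range shown in the help text. The function name `audit_pmtu` and the sample input are constructed for illustration.

```python
import re

# Toggle names taken from the completion list above: the bare statement
# enables the feature, the "no-" form disables it.
TOGGLES = ("path-mtu-discovery", "ipv6-path-mtu-discovery",
           "gre-path-mtu-discovery", "ipip-path-mtu-discovery")
TIMEOUT = "ipv6-path-mtu-discovery-timeout"
TIMEOUT_RANGE = (5, 71582788)  # minutes, as printed in the CLI help text

SET_LINE = re.compile(r"^set\s+system\s+internet-options\s+(\S+)(?:\s+(\S+))?$")

def audit_pmtu(display_set_text):
    """Return (state, findings) for the PMTU statements in 'display set' text."""
    state = {name: "not configured" for name in TOGGLES}
    state[TIMEOUT] = None
    findings = []
    for line in display_set_text.splitlines():
        match = SET_LINE.match(line.strip())
        if not match:
            continue  # statement outside system internet-options
        name, value = match.groups()
        base = name[3:] if name.startswith("no-") else name
        if name == TIMEOUT:
            if value is None or not value.isdigit():
                findings.append(f"{TIMEOUT}: missing or non-numeric value")
                continue
            state[TIMEOUT] = int(value)
            low, high = TIMEOUT_RANGE
            if not low <= state[TIMEOUT] <= high:
                findings.append(f"{TIMEOUT}: {value} outside {low}..{high} minutes")
        elif base in TOGGLES:
            state[base] = "disabled" if name.startswith("no-") else "enabled"
    # IPv4 PMTU is on by default, so only the explicit "no-" form turns it off.
    if state["path-mtu-discovery"] == "disabled":
        findings.append("path-mtu-discovery: disabled, overriding the default")
    return state, findings

# Constructed sample input, not output captured from a real device.
SAMPLE = """\
set system host-name srx100
set system internet-options no-path-mtu-discovery
set system internet-options ipv6-path-mtu-discovery
set system internet-options ipv6-path-mtu-discovery-timeout 3
set system internet-options tcp-drop-synfin-set
"""

if __name__ == "__main__":
    print(audit_pmtu(SAMPLE))
```

A toggle reported as "not configured" is running at the platform default; the article only states that default for IPv4.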

About the Author

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001