Hello,
@Robert cao wrote:
1:service-interface sp-8/1/0.1; what is this interface?
should I configure this?
On M7i:
- If you have an ASM module, you should configure sp-1/2/0.
- If you have an AS-PIC or MS-PIC in any other slot, you should configure sp-0/<PICslot>/0.
- If you have neither, then TCP MSS adjust is not possible on M7i.
@Robert cao wrote:
2:stateful-firewall { rule Permit-all { match-direction input-output; term 1 { then { accept; }
I permit in both directions
but here
service {
input {
service-set tcp-mss service-filter mss-filter;
}
output {
service-set tcp-mss service-filter mss-filter;
why should we enable service set in input and output direction?
You must configure an SFW rule and use the "input-output" direction to allow the traffic flows to be established bidirectionally.
You must configure the service-filter as above and apply it to both the "input" and "output" interface-style service-sets because the TCP MSS needs to be adjusted in both the SYN and the SYN-ACK.
HTH
Rgds
Alex
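
The point about SYN and SYN-ACK, as an added Python illustration that is not part of the reply above and is not Junos code: each endpoint advertises its own MSS in the segment it sends (client in the SYN, server in the SYN-ACK), so a clamp has to rewrite the option in both and keep the TCP checksum valid. The limit of 1360, the ports and the sample headers are constructed values, and `build`, `find_mss` and `clamp_mss` are hypothetical helper names.

```python
import struct

SYN, ACK = 0x02, 0x10

def fold(total: int) -> int:               # fold carries into 16 bits (ones-complement)
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def segment_sum(seg: bytes) -> int:
    """Ones-complement sum of a segment; 0xFFFF means its checksum verifies."""
    seg += b"\x00" * (len(seg) % 2)
    return fold(sum(struct.unpack(f"!{len(seg) // 2}H", seg)))

def build(flags: int, mss: int) -> bytes:
    """Constructed sample: 24-byte TCP header with one MSS option, pseudo-header omitted."""
    hdr = struct.pack("!HHIIBBHHHBBH", 40000, 443, 1, 0, 6 << 4, flags, 65535, 0, 0, 2, 4, mss)
    return hdr[:16] + struct.pack("!H", ~segment_sum(hdr) & 0xFFFF) + hdr[18:]

def find_mss(seg: bytes):
    """Return (offset, value) of the MSS option, or None if absent or malformed."""
    end, i = (seg[12] >> 4) * 4, 20
    while i + 1 < end <= len(seg):
        kind, length = seg[i], seg[i + 1]
        if kind == 0:                      # end of option list
            return None
        if kind == 1:                      # NOP is a single byte
            i += 1
            continue
        if length < 2 or i + length > end:
            return None
        if kind == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", seg, i + 2)[0]
        i += length
    return None

def clamp_mss(seg: bytes, limit: int) -> bytes:
    """Lower the MSS option of a SYN or SYN-ACK to `limit`; anything else passes unchanged."""
    found = find_mss(seg) if len(seg) >= 20 and seg[13] & SYN else None
    if found is None or found[1] <= limit:
        return seg
    off, old = found
    out = bytearray(seg)
    struct.pack_into("!H", out, off, limit)
    if off % 2:                            # odd offset: value straddles two checksum words
        old, limit = (old >> 8 | old << 8) & 0xFFFF, (limit >> 8 | limit << 8) & 0xFFFF
    hc = struct.unpack_from("!H", seg, 16)[0]
    new_hc = ~fold((~hc & 0xFFFF) + (~old & 0xFFFF) + limit) & 0xFFFF   # RFC 1624, eqn. 3
    struct.pack_into("!H", out, 16, new_hc)
    return bytes(out)
```

Running `clamp_mss` on only one of the two handshake segments leaves the other endpoint's advertised 1460 untouched, which is the case the input and output service-sets together avoid.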