Hi @tuan nguyen,
My customer seems to have hit the exact same issue you describe.
When TRP is enabled, the clients work fine, and the maximum packet length we see is 1414 Bytes.
When TRP is enabled, the clients cannot reach the server, and the maximum packet length we see is 1514 Bytes.
The gateway MTU is 1500.
Did you manage to resolve the issue, and if so how?
Any help would be much appreciated.
Thanks,
Roee
------------------------------
Roee Sharon
Information Security Engineer
Poalim Trust Services Ltd.
IL
------------------------------
Original Message:
Sent: 08-28-2023 23:36
From: tuan nguyen
Subject: Client can't connect TRP site via tunnel with default MTU 1500.
Hi,
Thanks for your attention. We haven't found the root cause yet.
------------------------------
tuan nguyen
head of product development - fico
Tien Phong Commercial Joint Stock Bank
HA NOI
Original Message:
Sent: 08-28-2023 09:56
From: Thomas Dao
Subject: Client can't connect TRP site via tunnel with default MTU 1500.
Hi @tuan nguyen,
Did you resolve your problem?
------------------------------
Thomas Dao
Products Consultant
M.Tech Products Pte Ltd
Ha Noi
Original Message:
Sent: 07-10-2023 21:16
From: tuan nguyen
Subject: Client can't connect TRP site via tunnel with default MTU 1500.
Hi,
I already thought about it, but I don't think it will solve the problem. The clients can access non-TRP sites normally (also SSL traffic), so I think there is no problem between the GW and the client. After the GW unpacks the packet/connection, maybe it changes something that makes the MTU higher than 1500, and the load balancer/backend doesn't support that MTU.
Thanks,
------------------------------
tuan nguyen
head of product development - fico
Tien Phong Commercial Joint Stock Bank
HA NOI
Original Message:
Sent: 07-10-2023 09:46
From: Karol Gruszczynski
Subject: Client can't connect TRP site via tunnel with default MTU 1500.
Hi,
Maybe you should increase MTU on GTWs.
Try this:
https://docs.imperva.com/bundle/z-kb-articles-km/page/9b0ff549.html
------------------------------
Karol Gruszczynski
IT Security Expert
Trafford IT Sp. z o.o.
Warsaw
Original Message:
Sent: 07-07-2023 03:13
From: tuan nguyen
Subject: Client can't connect TRP site via tunnel with default MTU 1500.
Hi all,
I have an issue with the SecureSphere Gateway and our branches. They can't access the TRP site (transparent reverse proxy) with the default MTU. Our branches connect to the data center via an SSL tunnel.
We have 2 solutions:
- Turn off TRP, so the GW won't process HTTPS traffic.
- Reduce the MTU on the branch router or on Windows, for example to 1412.
Does anyone know what is different between the TRP and non-TRP MTU? I think the packet after TRP has an MTU bigger than 1500, and other devices like the load balancer do not support it.
PS: my GW uses the default MTU = 1500
Thank you.
#On-PremisesWAF(formerlySecuresphere)
------------------------------
tuan nguyen
head of product development - fico
Tien Phong Commercial Joint Stock Bank
HA NOI
------------------------------
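An added example (not part of the thread and not Imperva code): a Python check that reads a classic pcap taken on either side of the gateway, reports the largest IPv4 packet, and lists DF-marked packets above an assumed tunnel path MTU, so the 1414- and 1514-byte maximum frame sizes reported above can be compared directly. The 1412-byte limit is borrowed from the workaround in the original post as an assumption; the function names, addresses and capture bytes are constructed for illustration.

```python
import struct

ETH_LEN = 14  # Ethernet II header without VLAN tag (assumption)

def oversized_df_packets(pcap: bytes, path_mtu: int):
    """Return (largest IPv4 total length, [(packet_no, ip_len)] for DF packets > path_mtu)."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic microsecond pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    off, num, largest, hits = 24, 0, 0, []
    while off + 16 <= len(pcap):
        incl = struct.unpack_from(end + "I", pcap, off + 8)[0]
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        num += 1
        # Skip truncated records and anything that is not IPv4 over Ethernet.
        if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
            continue
        # Use the IP header's total length so a short snaplen does not hide the size.
        ip_len, _ident, flags_frag = struct.unpack_from("!HHH", frame, ETH_LEN + 2)
        largest = max(largest, ip_len)
        if flags_frag & 0x4000 and ip_len > path_mtu:  # DF set: cannot be fragmented
            hits.append((num, ip_len))
    return largest, hits

def sample_pcap(ip_lens):
    """Constructed capture: header-only frames (snaplen 34) with DF set."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, ETH_LEN + 20, 1)
    for n in ip_lens:
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, n, 0, 0x4000, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
        out += struct.pack("<IIII", 0, 0, len(eth + ip), ETH_LEN + n) + eth + ip
    return out

if __name__ == "__main__":
    PATH_MTU = 1412  # assumption: the reduced MTU used as a workaround in the thread
    for label, lens in (("max frame 1414", [52, 1400, 1400]),
                        ("max frame 1514", [52, 1500, 1400, 1500])):
        largest, hits = oversized_df_packets(sample_pcap(lens), PATH_MTU)
        print(f"{label}: largest IP packet {largest}, frame {largest + ETH_LEN}, "
              f"DF packets over {PATH_MTU}: {hits}")
```

On a host with segmentation offload enabled, a capture taken on the sending machine can show lengths above the interface MTU, so take the capture on the wire or on the receiving side.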