IPsec Tunnel Management

On the Settings > Configuration > General tab, you can configure the following IPsec tunnel settings:

  • Tunnel Down Detection Time

  • Tunnel TCP Maximum Segment Size (MSS)

  • Tunnel Anti-Replay Window

These can be set for all gateways (select Controller from the Gateway drop-down) or for individual gateways.

Tunnel Down Detection Time

Configure how often tunnel status is checked (the minimum interval is 20 seconds). Tunnel status is displayed on the Diagnostics > Cloud Routes > Gateway Routes tab in the Tunnel Status column.

The default is 60 seconds.

Tunnel TCP Maximum Segment Size (MSS)

Specify the maximum size (in bytes) that can be sent via the tunnel in a single TCP segment without being fragmented. For AWS, Azure, and OCI, the recommended maximum is 1370 bytes. For GCP, the recommended maximum is 1330 bytes.

Tunnel Anti-Replay Window

Specify the size of the anti-replay window. This feature checks the sequence number of each received IPsec packet against the current anti-replay window range. This protects the tunnel by ensuring that packets with invalid sequence numbers (replayed, or older than the window) are discarded instead of being processed.

The default is zero, which means that this feature is disabled.
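To show what the window size changes in practice, the following added example (not code from this product) implements the general sliding-window sequence check that IPsec receivers use, as described in RFC 4303, and runs one constructed arrival order through windows of size 0, 2 and 64. The class and function names are hypothetical, and treating size 0 as "check disabled" follows the default described above.

```python
class AntiReplayWindow:
    """Receiver-side sliding window over IPsec sequence numbers (illustrative)."""

    def __init__(self, size):
        self.size = size   # window size in packets; 0 = check disabled, as on this page
        self.top = 0       # highest sequence number accepted so far
        self.bitmap = 0    # bit i set => sequence number (top - i) already seen

    def check(self, seq):
        """Return (accepted, reason); the packet is assumed to have passed integrity checks."""
        if self.size == 0:
            return True, "check disabled"
        if seq == 0:
            return False, "invalid sequence number"
        if seq > self.top:                     # new highest: slide the window forward
            shift = seq - self.top
            mask = (1 << self.size) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.top = seq
            return True, "new highest"
        offset = self.top - seq
        if offset >= self.size:                # fell off the left edge of the window
            return False, "older than window"
        if self.bitmap & (1 << offset):        # this sequence number was already accepted
            return False, "replay"
        self.bitmap |= 1 << offset             # late but legitimate: mark as seen
        return True, "in window"


def run(size, seqs):
    """Feed sequence numbers through a fresh window and return the verdicts."""
    win = AntiReplayWindow(size)
    return [win.check(s) for s in seqs]


# Constructed arrival order: 3 arrives late, 5 is a duplicate of a packet
# already received, 70 is a jump ahead, and the final 6 is a stale duplicate.
ARRIVALS = [1, 2, 4, 5, 6, 3, 5, 70, 6]

if __name__ == "__main__":
    for size in (0, 2, 64):
        print(f"window={size}")
        for seq, (ok, why) in zip(ARRIVALS, run(size, ARRIVALS)):
            print(f"  seq={seq:<3} {'accept' if ok else 'drop':<6} {why}")
```

With the window at 2, the delayed packet 3 is dropped even though it is legitimate, so the window should be sized to cover the reordering expected on the path. With the window at 0, both duplicates are accepted.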