Palo Alto Networks Knowledgebase: Firewall accepts frames larger than the configured MTU of the interface

Created On 02/07/19 23:37 PM - Last Updated 02/07/19 23:37 PM
Content Release Deployment
Resolution

The Maximum Transmission Unit (MTU) is enforced only when packets leave the Palo Alto Networks firewall; the MTU applied is that of the egress interface.

 

When frames are received, the MRU (Maximum Receiving Unit) is applied instead. The MRU is higher than the average MTU (or even higher if jumbo frames are enabled).

 

The MRU for all interfaces can be viewed by executing the following command:

show system state filter-pretty sw.dev.runtime.ifmon.port-states | match mru

 


