We use the following commands on our site-to-site VPNs to change the MTU and prevent fragmentation.
----
iptables -t mangle -I POSTROUTING -s 192.168.3.0/24 -d 192.168.42.225/27 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300;
iptables -t mangle -I POSTROUTING -s 192.168.42.225/27 -d 192.168.3.0/24 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300;
----
However, when we do a firmware update, these changes appear to go away and we have to re-issue the commands.
Is there a way to show the table and these commands to confirm they survive the firmware update or not? Sophos Support says they will survive it, but in testing they do not.
We also have a console command to set an IPS exception:
----
set ips ac_atp exception fwrules "rule number"
----
I need to confirm that this also survives a firmware update, but I cannot find the exceptions.
Any help with a command to show these command lines would be greatly appreciated.
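
Added example, not part of the original post: a shell check for whether the two TCPMSS rules above are still in the mangle table, working from the output of `iptables -t mangle -S POSTROUTING`. It assumes iptables is reachable from the same shell where the rules were entered; the function names and the sample listing are constructed for illustration. Note that iptables lists `192.168.42.225/27` as its network address `192.168.42.224/27`, so a plain text search for the original command will not match.

```shell
#!/bin/sh
# Normalise ADDR/PREFIX to its network address, which is how iptables lists it
# (192.168.42.225/27 is printed as 192.168.42.224/27).
net_cidr() (
    addr=${1%/*}; bits=${1#*/}
    IFS=.; set -- $addr
    ip=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    n=$(( ip & mask ))
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$bits"
)

# Succeeds if the rule listing on stdin contains a POSTROUTING TCPMSS rule
# for SRC -> DST that sets the MSS to the given value on SYN packets.
has_mss_clamp() {
    want_src=$(net_cidr "$1"); want_dst=$(net_cidr "$2"); want_mss=$3
    while read -r line || [ -n "$line" ]; do
        case "$line " in
            "-A POSTROUTING "*"-s $want_src "*"-d $want_dst "*"--tcp-flags SYN,RST SYN "*"-j TCPMSS --set-mss $want_mss "*)
                return 0 ;;
        esac
    done
    return 1
}

# Prints one status line per direction; returns non-zero if either is missing.
audit_clamps() {
    rules=$1; rc=0
    for pair in "192.168.3.0/24 192.168.42.225/27" "192.168.42.225/27 192.168.3.0/24"; do
        set -- $pair
        if printf '%s\n' "$rules" | has_mss_clamp "$1" "$2" 1300; then
            echo "present: $1 -> $2"
        else
            echo "MISSING: $1 -> $2"; rc=1
        fi
    done
    return $rc
}

# Constructed sample listing in which only one direction survived.
# On the device, pass "$(iptables -t mangle -S POSTROUTING)" instead.
SAMPLE='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.3.0/24 -d 192.168.42.224/27 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1300'

audit_clamps "$SAMPLE" || echo "re-issue the missing rule(s)"
```

Running the same audit before and after a firmware update gives a direct record of whether each direction of the clamp persisted.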