The DF bit will be set all of the time by default by the OS. This is how the machine will discover the PMTU of the traversing links. If a packet need to be fragmented due to MTU, then the bit get becomes unset. FireWall-1 will not set the bit for the machine. However, in the case of IPSec, the packets become very large often times needing fragmentation. In this case we will instruct the IP stack to lower the MTU to avoid fragmentation. Otherwise, this is a OS level function. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jon Vandiveer Sent: Thursday, June 07, 2001 1:45 PM To: [EMAIL PROTECTED] Subject: [FW1] Do not fragment bit Who sets the do not fragment bit ? When communicating to the internet for unencrypted communications. Checkpoint or the underlying OS ?? Jon ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
