If you know that your ISP limits the MTU size on the links between the solution components, you can manage the MTU settings in iptables so that the MTU size does not exceed the specified value. For example, if your ISP limits the MTU size to 1450, you can specify 1400 in iptables.
To simplify configuration and make the settings persist across restarts of solution components, we recommend using the kata-firewall-persist-mtu utility. This utility becomes available when you upgrade Kaspersky Anti Targeted Attack Platform to version 7.1.
To manage MTU settings in iptables:
If the Central Node is deployed as a cluster, log in to the management console of any of the cluster servers that have the manager role in the Docker swarm. To view the role, use the $ docker node ls command.
The application component administrator menu is displayed.
This opens the Technical Support Mode confirmation window.
kata-firewall-persist-mtu set --mss <MSS> --ip <IP address 1> --ip <IP address 2>
Where:
<MSS> is the maximum segment size, calculated as the MTU size minus the length of the TCP and IP headers.
<IP address 1> and <IP address 2> are the IP addresses of the servers to which you want to apply the setting. This option can be specified as many times as necessary, depending on how many servers you want to apply the setting to.
Within a few minutes, the utility saves the specified settings in iptables and ensures their persistence when the server is restarted.
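The MSS calculation and command syntax described above, as an added example that is not part of the original documentation: a shell helper that derives the MSS from a target MTU, validates the server addresses, and prints the kata-firewall-persist-mtu command line to run. It assumes IPv4 headers without options (40 bytes in total); the function names, the MTU sanity range and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes IPv4 with no IP or TCP options,
# so the headers subtracted from the MTU are 20 + 20 = 40 bytes.
IP_HDR=20
TCP_HDR=20

# Print the MSS for a given MTU. The 576..9000 range is an assumed sanity
# bound for this example, not a limit documented for the utility.
mss_from_mtu() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 576 ] && [ "$1" -le 9000 ] || return 1
    echo $(( $1 - IP_HDR - TCP_HDR ))
}

# Succeed only for a dotted-quad IPv4 address with octets 0..255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_mtu_cmd MTU IP [IP...]: print the command line to run on the server.
build_mtu_cmd() {
    mss=$(mss_from_mtu "$1") || { echo "bad MTU: $1" >&2; return 1; }
    shift
    [ $# -ge 1 ] || { echo "at least one IP address is required" >&2; return 1; }
    cmd="kata-firewall-persist-mtu set --mss $mss"
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad IP address: $ip" >&2; return 1; }
        cmd="$cmd --ip $ip"
    done
    echo "$cmd"
}

# Constructed sample: MTU 1400 (the value from the text) and two addresses
# from the 192.0.2.0/24 documentation range.
build_mtu_cmd 1400 192.0.2.10 192.0.2.11
```

If the links carry IP or TCP options (for example, TCP timestamps), the usable payload per segment is smaller than the MSS computed here.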
Additional features of the utility:
kata-firewall-persist-mtu --help
kata-firewall-persist-mtu get
kata-firewall-persist-mtu flush