10Advanced Settings171Max IPIP/FWZ LengthSpecifies in bytes the maximum size of an IP‐in‐IP packet. IP‐in‐IP is used by CheckpointFirewall‐1 VPN connections when IPsec is not used. This value should be set at the size of thelargest packet allowed to pass through the VPN connections, regardless of its originalprotocol, plus approximately 50 bytes.Device:/> set Settings LengthLimSettings MaxIPIPLen=2000Default: 2,000Max IPsec IPComp LengthSpecifies in bytes the maximum size of an IPComp packet.Device:/> set Settings LengthLimSettings MaxIPCompLen=2000Default: 2,000Max L2TP LengthSpecifies in bytes the maximum size of a Layer 2 Tunneling Protocol packet.Device:/> set Settings LengthLimSettings MaxL2TPLen=2000Default: 2,000Max Other LengthSpecifies in bytes the maximum size of packets belonging to protocols that are not specifiedabove.Device:/> set Settings LengthLimSettings MaxOtherSubIPLenDefault: 1,480Log Oversized PacketsSpecifies if the SEG will log occurrences of oversized packets.Device:/> set Settings LengthLimSettings LogOversizedPackets=YesDefault: YesFragmentation settingsIP is able to transport up to 65,536 bytes of data. However, most media, such as Ethernet,cannot carry such huge packets. To compensate, the IP stack fragments the data to be sentinto separate packets, each one given their own IP header and information that will help therecipient reassemble the original packet correctly.Many IP stacks, however, are unable to handle incorrectly fragmented packets, a fact that canbe exploited by intruders to crash such systems. The SEG provides protection againstfragmentation attacks in a number of ways.