BugZero | Cisco BugID CSCvu71743 - ENH: FDM - Default TCP MSS 0

Cisco - Defect ID: CSCvu71743

ENH: FDM - Default TCP MSS 0 - Allow MSS Negotiation

Cisco - Defect ID: CSCvu71743

ENH: FDM - Default TCP MSS 0 - Allow MSS Negotiation

Last updated on June 26th, 2025

BugZero Risk Score
3.4 Low

Overall: 3.4

Severity: 3.7

Lifecycle: 7.8

Popularity: 5.1

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Description

Symptom

The default TCP MSS value on FTD Managed by FDM is 0, which means that it is fully allowing MSS Negotiation between both end-points of the TCP connection. This can cause problems with some traffic when using VPN, PPPoE, ADSL, where a lower MSS might be required. Symptoms can include: HTTPS Sites no correctly loading, packet loss through VPN connections

Conditions

FTD Managed by FDM Using VPN/PPPoE/ADSL

Workaround

Create a new FlexConfig object with the following templates: sysopt connection tcpmss [Negate template] sysopt connection tcpmss 0 Reference: https://www.cisco.com/c/en/us/td/docs/security/firepower/660/fdm/fptd-fdm-config-guide-660/fptd-fdm-advanced.html?bookSearch=true#concept_9206B60210F14E839D0EC9ABAD4712F4

Further Problem Description

Change history

2025-03-27 Added: 6.6.0

Top Cisco Defects by Risk Score

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvu71743

ENH: FDM - Default TCP MSS 0 - Allow MSS Negotiation

Cisco - Defect ID: CSCvu71743

ENH: FDM - Default TCP MSS 0 - Allow MSS Negotiation

Last updated on June 26th, 2025

BugZero Risk Score
3.4 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects by Risk Score

Ready to prevent the next vendor outage?

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvu71743

ENH: FDM - Default TCP MSS 0 - Allow MSS Negotiation

Cisco - Defect ID: CSCvu71743

ENH: FDM - Default TCP MSS 0 - Allow MSS Negotiation

Last updated on June 26th, 2025

BugZero Risk Score3.4 Low

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco Defects by Risk Score

Ready to prevent the next vendor outage?

BugZero Risk Score
3.4 Low