Skyhigh Security

Configuring TCP Window Scaling

You can configure TCP window scaling to improve network throughput. Using a particular configuration method, you can configure it differently for each TCP connection.

The size of the window for receiving TCP data packets determines the amount of data that Web Gateway can receive from a web server or client on a given connection before an acknowledgment (ACK) packet must be sent.

This size can vary up to a particular maximum value in a process known as window scaling. A larger maximum window size improves network throughput, especially on high-latency connections.

The risk with having a larger maximum window size is that devices such as routers and firewalls might not accept it. When this happens, window scaling breaks down, resulting in slow or no throughput.

To configure TCP window scaling, you can use the system settings, a rule event, or a system file.

If you use more than one of these methods, be sure not to configure conflicting values.

System settings

You can configure TCP window scaling as part of specifying the settings of the appliance system.

The Advanced Settings section of the Proxies settings provides options for enabling TCP window scaling and for setting the maximum window size.

Rule event

You can configure TCP window scaling using an event in a rule.

The Enable.ProxyControl event is provided for this purpose. It is executed with the settings for the Proxy Control module. These settings include options for enabling TCP window scaling and for setting the maximum window size.

Using this method, you can configure TCP window scaling differently for each connection.

There is no default or library rule set for TCP window scaling. So, if you want to use this method, you must create your own rule set with a suitable rule.

System file

You can configure TCP window scaling by entering parameter names and values in a system file.

The file name is sysctl.conf. You can edit this file using the editor that is provided on the Web Gateway interface.

Using this method, you can configure the maximum and minimum sizes for the TCP window.

Precedence of the configured values

If more than one method is used for configuring TCP window scaling, the configured values take effect according to the following precedence rules. In general:

  • System file entries take precedence over system settings and event settings.
  • System settings take precedence over event settings.

This means, for example:

  • The maximum window size in the system file cannot be exceeded by configuring a larger size using any of the other methods.
  • If the minimum window size in the system file is greater than a particular value, TCP window scaling cannot be disabled using any of the other methods.
  • If TCP window scaling is disabled in the system settings, it cannot be enabled by the event settings.
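
The precedence rules above can be checked before a change is deployed. The following Python code is an added example, not Skyhigh Security code. It assumes the system file uses the standard Linux keys net.ipv4.tcp_window_scaling and net.ipv4.tcp_rmem; the system and event dictionaries are hypothetical stand-ins for the values configured in the system settings and in the Enable.ProxyControl event settings.

```python
# Added example, not vendor code. Assumption: the system file uses the standard Linux
# keys net.ipv4.tcp_window_scaling (0/1) and net.ipv4.tcp_rmem (min default max, bytes).

def parse_sysctl(text):
    """Return {key: value} from 'key = value' lines, ignoring comments and blanks."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, value = line.split("=", 1)
        entries[key.strip()] = value.strip()
    return entries

def find_conflicts(sysctl_text, system, event):
    """system/event are hypothetical dicts: {'enabled': bool, 'max_window': bytes}."""
    entries = parse_sysctl(sysctl_text)
    conflicts = []
    file_enabled = entries.get("net.ipv4.tcp_window_scaling")
    rmem = entries.get("net.ipv4.tcp_rmem", "").split()
    file_max = int(rmem[2]) if len(rmem) == 3 else None
    for name, cfg in (("system settings", system), ("event settings", event)):
        # System file entries take precedence over both other methods.
        if file_enabled == "0" and cfg.get("enabled"):
            conflicts.append(f"{name}: enabled, but the system file disables window scaling")
        if file_max is not None and cfg.get("max_window", 0) > file_max:
            conflicts.append(
                f"{name}: max window {cfg['max_window']} exceeds system file maximum {file_max}")
    # System settings take precedence over event settings.
    if event.get("enabled") and not system.get("enabled", True):
        conflicts.append("event settings: enabled, but disabled in the system settings")
    return conflicts

# Constructed sample input, not taken from a real appliance.
SAMPLE_SYSCTL = """
# constructed sample
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
"""

if __name__ == "__main__":
    system = {"enabled": False, "max_window": 8388608}
    event = {"enabled": True, "max_window": 1048576}
    for conflict in find_conflicts(SAMPLE_SYSCTL, system, event):
        print("CONFLICT:", conflict)
```

An empty result means the three methods do not contradict each other under the rules listed above.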