Contributor

Configuration Guide: Avoiding IP Fragmentation in GRE Tunnel Deployments

Forum|Forum|12 years ago
June 11, 2014
0 replies
8420 views

Description

The purpose of the attached document is to explain how to avoid IP Fragmentation with the FortiGate TCP Maximum Segment Size feature when deploying FortiGate firewalls in GRE Tunnel mode.

Scope

Support for GRE tunneling was added in FortiOS 3.0

Support for configuring TCP MSS in firewall policies was added in FortiOS 3.0 MR4

Solution

Contents

* Introduction
* Network Components
* IP Fragmentation and Reassembly Overview
* TCP Maximum Segment Size (MSS) Overview
* GRE (Generic Route Encapsulation) Overview
* Network Architecture
* FGT-1000C Configuration
* FGT-3600C Configuration
* Fortinet TCP-MSS-Sender Option
* Updated Firewall Policies on the 1000C and 3600C
* Fortigate 1000C Firewall Policy
* Fortigate 3600C Firewall Policy
* BreakingPoint Testing (Clients connecting to servers and downloading 32K files)
* First Test
* Second Test

FortiGate-TCP-MSS-Option-V2.pdf

FortiGate

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded