Skip to main content
RolandBaumgaertner72
RolandBaumgaertner72
New Member
November 21, 2024
Question

Best MTU Config for IPSec to Azure

  • November 21, 2024
  • 2 replies
  • 2680 views

Hi,

 

we have a IPSec connection from our main 200F (7.4.4) firewalls to Azure. Users complain about performance so we are checking the connection. We use AES126 256SHA and have 6 networks in P2.

 

We checked package capture and we saw retransmissions so thats why we would like changing MTU.

 

First the MTU, we get through by: ping x.x.x.x -f -l 1280, so I thought 1280 + 28 = 1308 should be best MTU config, correct?

 

Changing the MTU for the VPN interface would affect all connections in Phase2?

 

Thanks!

 

 

2 replies

msolanki
Staff
msolanki
Staff
November 21, 2024

Hello,

 

There is no specific MTU setting for Azure and if you are facing performance issues the it could some other reason to  including if any DOS policy and performance issue 

But for MTU you can try to change the MTU size in  interface and test it and yes it will impact the connection so try in off business hour .

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-MTU-override-of-IPsec-VPN-interface/ta-p/193388

https://community.fortinet.com/t5/Support-Forum/Specify-MTU-for-an-IPSec-Tunnel/m-p/88004

RolandBaumgaertner72
RolandBaumgaertner72Author
New Member
November 26, 2024

Hi,

 

we configured the VPN with cookbook recomandations. Also we set 1380 as MTU for the IPSec interface. The upload speed for big files is good but upload for small files are < 400kbs which is really slow.

 

Also we have errors and retransmissions while doing package capture.

 

Any more recomandations? We are planing to change to L3 connection to Azure but we would like to be sure that we gain something in speed.

 

Thanks

Terms & ConditionsAccessibility statement