FortiGate
Article Id 192636

Description

 

This article describes how to adjust the Maximum Transmission Unit (MTU) value on a FortiGate interface.

 

Scope

 

FortiGate.

 

Solution

 

MTU definition: The largest physical packet size, measured in bytes, that a network can transmit. Any packets larger than the MTU are divided into smaller packets before they are sent. The default MTU is 1500 on a FortiGate interface.

 

To change the MTU on a network interface from the GUI:

 

Note: FortiOS 5.4 and later (including 6.x and 7.x) no longer support configuring interface MTU from the GUI. This specific section only applies to FortiOS 5.2 and earlier and is retained for historical purposes.

 

  1. Go to System -> Network -> Interface.
  2. Select the Edit icon for the interface.
  3. Select Override default MTU value (1500).
  4. Enter the new MTU value.
  5. Select OK.

 

To change the MTU on a network interface from the CLI:

 

Edit the network interface and set mtu-override enable, then apply the desired MTU. This method is supported on all FortiOS versions:

 

config system interface
    edit <interface_name>
        set vdom "root"
        set mtu-override enable
        set mtu 9000
    next
end

 

MTU overrides can be configured for most interface types on the FortiGate (under config system interface), including:

  • Individual physical interfaces.
  • Aggregate/Redundant interfaces.
  • VLAN/Hardware and Software switches.
  • VLAN sub-interfaces.
    • Note that VLAN sub-interfaces inherit the MTU of the parent interface by default, and the parent interface also defines the upper limit for a VLAN's MTU override.
    • Example: if the parent interface has an MTU of 1500, the maximum configurable MTU for a VLAN on this interface is also 1500 (i.e. you cannot increase the VLAN MTU to 9000 bytes without first increasing the parent interface MTU).
    • Increasing the parent interface MTU to 9000 will also increase the VLAN interface's MTU to 9000 automatically, though you may now override the VLAN interface MTU to be below the parent interface's MTU (i.e. the VLAN can be set to 1500 bytes while the parent interface MTU remains at 9000 bytes).
  • IPsec tunnel interfaces (FortiOS 6.4.0 and later, see 611391 in the FortiOS 6.4.0 Release Notes).
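
The VLAN sub-interface rules above can be checked before any change is typed into the CLI. The following Python example is added here and is not Fortinet code: it validates planned MTU overrides against the parent limit and emits the config system interface commands in an order that keeps each VLAN at or below its parent. The interface names port1 and vlan100 are hypothetical, and editing VLANs before lowering a parent is an assumption extrapolated from the increase case the article describes.

```python
DEFAULT_MTU = 1500  # default FortiGate interface MTU stated in the article

def effective_mtu(name, parents, overrides):
    """Override if set; otherwise a VLAN inherits its parent's MTU, else the default."""
    if name in overrides:
        return overrides[name]
    parent = parents.get(name)
    return effective_mtu(parent, parents, overrides) if parent else DEFAULT_MTU

def plan_mtu_changes(parents, current, desired):
    """Return FortiOS CLI lines applying `desired` MTU overrides in a safe order.

    parents: {vlan: parent interface}; current/desired: {interface: MTU override}.
    Raises ValueError if any VLAN override would end up above its parent's MTU.
    """
    final = {**current, **desired}
    for name, mtu in final.items():
        parent = parents.get(name)
        if parent and mtu > effective_mtu(parent, parents, final):
            limit = effective_mtu(parent, parents, final)
            raise ValueError(f"{name}: MTU {mtu} exceeds parent {parent} MTU {limit}")

    def step(name):
        if name in parents:
            return 1  # VLAN sub-interfaces are edited in the middle
        raised = desired[name] > effective_mtu(name, parents, current)
        return 0 if raised else 2  # raise parents first, lower them last (assumption)

    lines = ["config system interface"]
    for name in sorted(desired, key=lambda n: (step(n), n)):
        lines += [f'    edit "{name}"', "        set mtu-override enable",
                  f"        set mtu {desired[name]}", "    next"]
    lines.append("end")
    return lines

if __name__ == "__main__":
    # Constructed sample: port1 and vlan100 are hypothetical interface names.
    parents = {"vlan100": "port1"}
    print("\n".join(plan_mtu_changes(parents, {}, {"vlan100": 1500, "port1": 9000})))
```

A plan that sets only the VLAN to 9000 while the parent is still at 1500 raises ValueError, matching the limit described in the list above.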

It is possible to run diagnose netlink interface list <interface_name> to validate that an MTU override change has taken effect:

 

[Screenshot: diag_netlink_interface_list.png]

 

Each of these options allows an administrator to fine-tune the MTU based on specific requirements, whether it is for optimizing performance, troubleshooting, or dealing with specific network conditions.

 
