FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Description This article describes how to define MTU size larger than 1500 on VLAN interfaces.
Solution VLAN interface MTU size directly depending on the MTU size of the parent/associated interface.
For example: On 'WAN2', physical interface create a a 'vlan_lab' VLAN interface. By default 'WAN2' interface MTU size is 1500.
When the MTU size is trying to be changed of the VLAN interface to more than 1500, the below error message appears.
# config system interface (interface)edit vlan_lab (vlan_lab)set mtu-override enable (vlan_lab)set mtu 9170
MTU size not valid. Should be in the range of 68 - 1500. node_check_object fail! for mtu 9170
value parse error before '9170' Command fail. Return code -2 end
To resolve this, set the MTU size on 'WAN2' interface to the desired value, for example set the MTU size to 9170
To set the MTU size enable, the 'mtu-override' command as below.
# config system interface edit "wan2" set mtu-override enable set mtu 9170 end
Set the MTU size for VLAN interface larger than 1500 is now possible. The MTU size of the VLAN interface always either equal or less than the parent/associated interface MTU size.
# show system interface vlan_lab # config system interface edit "vlan_lab" set vdom "root" set ip 10.10.10.10 255.255.255.0 set device-identification enable set role lan set snmp-index 11 set mtu-override enable set mtu 9170 set interface "wan2" set vlanid 15 next end
