FortiGate
ppatel
Staff
Description

This article describes how to enable path MTU discovery on FortiGate self-originated traffic.

Scope

 

Solution

- On the FortiOS 5.6 and 6.0 lines, any self-originated traffic from the FortiGate (including proxy traffic) has the DF bit set by default.

Fragmentation is therefore not allowed along the path to the server. When an intermediate router's MTU is smaller, path MTU discovery is triggered automatically and the FortiGate adjusts the packet size.

 

- From FortiOS v6.2 onwards, the DF bit is not set for self-originated traffic. Path MTU discovery can be configured as below:

 

# config system global
   set pmtu-discovery {enable | disable}   (disabled by default)
end
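
The two behaviours described above can be compared with a small simulation. This is an added example, not FortiOS code: `df=True` models traffic sent with the DF bit set (the 5.6/6.0 default), `df=False` models traffic sent without it (the v6.2 default), and the hop MTUs, function names and the `icmp_filtered` case (an intermediate device dropping the ICMP "fragmentation needed" replies) are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample path: link MTU of each hop between sender and server.
SAMPLE_PATH = [1500, 1400, 1300, 1500]

@dataclass
class Result:
    delivered: bool    # did the data reach the server?
    sent_size: int     # packet size the sender ended up transmitting
    fragmented: bool   # True if a router fragmented the packet in transit
    icmp_mtus: list    # next-hop MTUs learned from ICMP type 3 code 4

def forward(size, df, hop_mtus):
    """Carry one packet along the path; return (status, mtu)."""
    status = ("ok", None)
    for mtu in hop_mtus:
        if size > mtu:
            if df:
                # DF set: router drops the packet and reports its MTU.
                return ("icmp", mtu)
            # DF clear: router fragments to fit this hop.
            size = mtu
            status = ("frag", mtu)
    return status

def send(size, hop_mtus, df=True, icmp_filtered=False, max_tries=8):
    """Sender loop: retransmit, shrinking the packet on each ICMP report."""
    learned = []
    for _ in range(max_tries):
        status, mtu = forward(size, df, hop_mtus)
        if status == "ok":
            return Result(True, size, False, learned)
        if status == "frag":
            return Result(True, size, True, learned)
        if icmp_filtered:
            # The report never arrives, so the sender keeps retrying
            # the same oversized packet until it gives up.
            continue
        learned.append(mtu)
        size = mtu  # lower the path MTU estimate and retry
    return Result(False, size, False, learned)

if __name__ == "__main__":
    print(send(1500, SAMPLE_PATH, df=True))
    print(send(1500, SAMPLE_PATH, df=False))
    print(send(1500, SAMPLE_PATH, df=True, icmp_filtered=True))
```

With the DF bit set, the sender converges on the smallest MTU along the path only if the ICMP reports reach it; when they are filtered, the oversized packets are silently dropped.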
