amrit
Staff
Article Id 262765
Description: This article describes how to change the MTU on a loopback interface.
Scope: FortiGate v6.x.x and v7.x.x.
Solution

Since a loopback is a logical interface, it does not exist physically on the device. Hence, the MTU value is fixed and cannot be changed in the configuration of this interface in FortiOS versions below v7.4.0.

 

Virtual interfaces, such as VLAN interfaces, inherit their MTU size from their parent interface. The MTU of an interface can be changed at runtime with the following command:

 

fnsysctl ifconfig <interface name> mtu <value>

 

An MTU change made with the above command is temporary. When the FortiGate is rebooted, the interface reverts to its original MTU.

 

Initial Configuration: By default, the MTU for the loopback interface (Example: 'Lo1') is set to 1500.


di netlink interface list | grep "Lo1"
if=Lo1 family=00 type=65535 index=23 mtu=1500 link=0 master=0

Manual MTU Change: The MTU of the loopback interface can be changed using the following command. For example, setting it to '10000' in FortiOS v7.2.x and below:


fnsysctl ifconfig Lo1 mtu 10000

This change does not persist across a reboot.

After modification, the MTU reflects the updated value:


di netlink interface list | grep "Lo1"
if=Lo1 family=00 type=65535 index=23 mtu=10000 link=0 master=0

After Reboot: Following a system reboot, the MTU reverts to its default value of 1500.


di netlink interface list | grep "Lo1"
if=Lo1 family=00 type=65535 index=23 mtu=1500 link=0 master=0

 

Configuring a Persistent MTU on Loopback (FortiOS v7.4.0 and Above).

Starting from v7.4.0, the ability to configure a persistent MTU for the loopback interface is available.

 

Below is an example configuration:


config system interface
    edit "Lo1"
        set vdom "root"
        set ip 10.51.0.3 255.255.255.255
        set allowaccess ping https ssh http
        set type loopback
        set role lan
        set mtu-override enable
        set mtu 10000
    next
end

After applying this configuration, the MTU for the loopback interface remains at 10000 even after a reboot.

 

di netlink interface list | grep "Lo1"
if=Lo1 family=00 type=65535 index=23 mtu=10000 link=0 master=0
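
The same post-reboot check can be scripted for several interfaces at once. The following is an added example, not part of the original article or Fortinet tooling: it parses saved output of `di netlink interface list` and reports interfaces whose MTU differs from the intended value. The sample output is constructed from the lines shown above; `port1`, `Lo2`, `Lo3` and the expected values are hypothetical.

```python
import re

# Constructed sample: output of "di netlink interface list" captured after a
# reboot. The Lo1 line matches the article; port1 and Lo2 are hypothetical.
SAMPLE_AFTER_REBOOT = """\
if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0
if=Lo1 family=00 type=65535 index=23 mtu=10000 link=0 master=0
if=Lo2 family=00 type=65535 index=24 mtu=1500 link=0 master=0
"""

# Assumed intent: the MTU each loopback should have after every reboot.
EXPECTED_MTU = {"Lo1": 10000, "Lo2": 10000, "Lo3": 9000}

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_netlink_list(text):
    """Return {interface name: mtu} from 'if=... mtu=...' lines."""
    mtus = {}
    for line in text.splitlines():
        fields = dict(FIELD.findall(line))
        # Skip prompts, banners and any line lacking a usable if= / mtu= pair.
        if "if" in fields and fields.get("mtu", "").isdigit():
            mtus[fields["if"]] = int(fields["mtu"])
    return mtus


def mtu_drift(text, expected):
    """Return {name: (expected, actual)} for every mismatch.

    actual is None when the interface does not appear in the output.
    """
    actual = parse_netlink_list(text)
    return {
        name: (want, actual.get(name))
        for name, want in expected.items()
        if actual.get(name) != want
    }


if __name__ == "__main__":
    drift = mtu_drift(SAMPLE_AFTER_REBOOT, EXPECTED_MTU)
    for name, (want, got) in sorted(drift.items()):
        state = "missing from output" if got is None else f"mtu={got}"
        print(f"{name}: expected mtu={want}, {state}")
```

An interface that was changed only with `fnsysctl ifconfig` shows up here after a reboot with its default MTU, as `Lo2` does in the sample.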

 

As an alternative, TCP maximum segment size can be configured on the firewall policy where a loopback interface is used:

 

config firewall policy
    edit <policy id>
        set tcp-mss-sender <value>
        set tcp-mss-receiver <value>
    next
end

 

Related articles:

Technical Tip: How to adjust the Maximum Transmission Unit (MTU) value on a FortiGate interface

Technical Note: MTU size and Jumbo frames support on FortiGate devices

 

Related document:

Interface MTU packet size