Description
This article describes how to adjust the Maximum Transmission Unit (MTU) value on a FortiGate interface.
The MTU is the largest physical packet size, measured in bytes, that a network can transmit. Any packets larger than the MTU are divided into smaller packets before they are sent.
The default MTU is 1500 on a FortiGate interface.
Scope
FortiGate.
Solution
The MTU value can only be changed through CLI.
To change the value from the CLI (For example on WAN2):
config system interface
edit "wan2"
set vdom "root"
set mtu-override enable
set mtu 9000
next
end
To verify interface MTU from CLI:
diag netlink interface list <interface-name>
diag hardware deviceinfo nic <interface-name>
fnsysctl ifconfig <interface-name>
Note:
Changing the MTU value might affect the internet access for a while. Hence it is suggested to change the value by taking a downtime.
SSL VPN 7.6.1+:
Prior to FortiOS version 7.6.1, the MTU on the virtual SSL VPN interface could not be modified. This functionality has now been added and works like any other interface:
config system interface
edit "ssl.root"
set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 3
set mtu-override enable
set mtu 1300
next
end
Related article:
Technical Tip: Finding the MTU of the FortiGate interface
