Technical Tip: How to adjust the Maximum Transmission Unit (MTU) value

acp · ‎07-04-2016

Description

This article describes how to adjust the Maximum Transmission Unit (MTU) value on a FortiGate interface.

The MTU is the largest physical packet size, measured in bytes, that a network can transmit. Any packets larger than the MTU are divided into smaller packets before they are sent.
The default MTU is 1500 on a FortiGate interface.

Scope

FortiGate.

Solution

The MTU value can only be changed through CLI.

To change the value from the CLI (For example on WAN2):

config system interface

edit "wan2"

set vdom "root"

set mtu-override enable

set mtu 9000

To verify interface MTU from CLI:

diag netlink interface list <interface-name>
diag hardware deviceinfo nic <interface-name>
fnsysctl ifconfig <interface-name>

Note:

Changing the MTU value might affect the internet access for a while. Hence it is suggested to change the value by taking a downtime.

SSL VPN 7.6.1+:

Prior to FortiOS version 7.6.1, the MTU on the virtual SSL VPN interface could not be modified. This functionality has now been added and works like any other interface:

config system interface

edit "ssl.root"

set vdom "root"
set type tunnel
set alias "SSL VPN interface"
set snmp-index 3
set mtu-override enable
set mtu 1300

Related article:

Technical Tip: Finding the MTU of the FortiGate interface

Technical Tip: How to adjust the Maximum Transmission Unit (MTU) value

You are leaving our website