FortiGate
krajaa
Staff
Article Id 193388

Description

 

This article describes how to override the MTU of an IPsec VPN interface from the CLI.

 

By default, the MTU of an IPsec VPN interface is dynamically calculated.
Before v6.4.0, the user cannot manually override it.
From v6.4.0, the user can override the MTU of an IPsec VPN interface.

Solution


From CLI (use 'disable' instead of 'enable' to turn the override off):

 

config system interface
    edit ipsec-tunnel-1
        set mtu-override enable
        set mtu 1400
    next
end

 

To check that the MTU size has changed, use the following command:

 

fnsysctl ifconfig <Phase-1 name>   (for example: ipsec-tunnel-1)

 

Output:

 

ipsec-tunnel-1   Link encap:Unknown
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
        RX packets:405 errors:0 dropped:0 overruns:0 frame:0
        TX packets:373 errors:58373915 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:25196 (24.6 KB)  TX bytes:22380 (21.9 KB)
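
The following is an added example, not part of the original article or any Fortinet tooling: a Python script that parses saved `fnsysctl ifconfig` output and confirms that the configured MTU is the one in effect, while also reporting non-zero error counters. The function names `parse_ifconfig` and `check_mtu` are hypothetical, and the sample text is the output shown above.

```python
import re

# Sample input: the output shown in the article for ipsec-tunnel-1.
SAMPLE = """\
ipsec-tunnel-1   Link encap:Unknown
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1
        RX packets:405 errors:0 dropped:0 overruns:0 frame:0
        TX packets:373 errors:58373915 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
        RX bytes:25196 (24.6 KB)  TX bytes:22380 (21.9 KB)
"""

# Counters pulled from each interface block.
FIELDS = {
    "mtu": re.compile(r"\bMTU:(\d+)"),
    "rx_errors": re.compile(r"\bRX packets:\d+ errors:(\d+)"),
    "tx_errors": re.compile(r"\bTX packets:\d+ errors:(\d+)"),
}

def parse_ifconfig(text):
    """Return {interface: {"up": bool, "mtu": int, ...}} (hypothetical helper)."""
    blocks, name = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():   # unindented line opens a new block
            name = line.split()[0]
            blocks[name] = {"up": False}
        if name is None:
            continue
        if "UP" in line.split():
            blocks[name]["up"] = True
        for key, pattern in FIELDS.items():
            match = pattern.search(line)
            if match:
                blocks[name][key] = int(match.group(1))
    return blocks

def check_mtu(text, interface, expected_mtu):
    """Return findings for one tunnel; an empty list means nothing to review."""
    stats = parse_ifconfig(text).get(interface)
    if stats is None:
        return [f"{interface}: not present in output"]
    findings = []
    if stats.get("mtu") != expected_mtu:
        findings.append(f"{interface}: MTU is {stats.get('mtu')}, expected {expected_mtu}")
    if not stats["up"]:
        findings.append(f"{interface}: interface is not UP")
    for counter in ("rx_errors", "tx_errors"):
        if stats.get(counter, 0) > 0:
            findings.append(f"{interface}: {counter}={stats[counter]}")
    return findings

if __name__ == "__main__":
    print(check_mtu(SAMPLE, "ipsec-tunnel-1", 1400))
```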