FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
krajaa
Staff
Staff
Article Id 193388
Description
By default, the MTU of an IPsec VPN Interface is dynamically calculated.
Prior to v6.4.0, user will not be able to manually override.
From v6.4.0, user can override the MTU of an IPSec VPN Interface.

This article describes how to
override the MTU of an IPSec VPN Interface from CLI.

Solution
From CLI.
# config system interface
    edit ipsec-tunnel-1
        set mtu-override enable/disable
        set mtu 1400
    end
end

Comments
Andy_L
Staff
Staff

"By default, the MTU of an IPsec VPN Interface is dynamically calculated."

 

Technically, how does it calculate the MTU?

akristof
Staff
Staff

Hello Andy,

MTU is calculated based on multiple factors - parent interface, FortiOS versions, algorithm used, if NAT-T is used or not, etc.

Contributors