Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
krajaa
Staff
Staff

Created on ‎05-20-2020 12:31 AM

Article Id 193388

Technical Tip: MTU override of IPsec VPN interface

Description
By default, the MTU of an IPsec VPN Interface is dynamically calculated.
Prior to v6.4.0, user will not be able to manually override.
From v6.4.0, user can override the MTU of an IPSec VPN Interface.

This article describes how to override the MTU of an IPSec VPN Interface from CLI.

Solution
From CLI.
# config system interface
    edit ipsec-tunnel-1
        set mtu-override enable/disable
        set mtu 1400
    end
end

Labels:
40339
Submit Article Idea
Comments
Andy_L
Staff
Staff
‎05-25-2023 07:03 PM

"By default, the MTU of an IPsec VPN Interface is dynamically calculated."

 

Technically, how does it calculate the MTU?

akristof
Staff
Staff
‎06-07-2023 02:49 AM

Hello Andy,

MTU is calculated based on multiple factors - parent interface, FortiOS versions, algorithm used, if NAT-T is used or not, etc.

Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.