FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
krajaa
Staff
Staff
Article Id 193388

Description

 

This article describes how to override the MTU of an IPSec VPN Interface from CLI.

 

By default, the MTU of an IPsec VPN Interface is dynamically calculated. Before v6.4.0, the user will not be able to manually override. From v6.4.0, the user can override the MTU of an IPSec VPN Interface.

 

Scope

 

FortiGate.

Solution


From CLI:

 

config system interface
    edit ipsec-tunnel-1  <------ Replaces withthe  tunnel interface name.
        set mtu-override enable/disable    
        set mtu 1400   <------- Set the desired MTU settings.
    end
end

 

To check the MTU size changed use the following command:

 

fnsysctl ifconfig  < Phase-1 name>   (For eg-> ipsec-tunnel-1 )

 

Output:

 

ipsec-tunnel-1   Link encap:Unknown 

        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1400  Metric:1 

        RX packets:405 errors:0 dropped:0 overruns:0 frame:0 

        TX packets:373 errors:58373915 dropped:0 overruns:0 carrier:0 

        collisions:0 txqueuelen:0 

        RX bytes:25196 (24.6 KB)  TX bytes:22380 (21.9 KB)