FortiGate
fwilliams
Staff
Article Id 225082
Description

This article describes the interface MTU (Maximum Transmission Unit). The MTU dictates the size of packet that can be transmitted on the network.

If a packet is larger than the MTU allowed on the network and the DF (Don’t Fragment) bit is set on the packet, a device that would otherwise have fragmented the oversized packet drops it instead (discards the packet). This can cause slowness or worse.

Note that fragmentation adds extra overhead, because the packets have to be fragmented and then reassembled.

When facing packet drops, slowness, or an application not working at all, it is worth checking what the interface MTU is and whether FortiGate reports errors on the interface (which can result from a bad port, cable, or duplex setting).

Scope

FortiGate v6.4

FortiGate v7.2

FortiGate v7.4

Solution

To check the interface MTU on FortiGate, use the 'ifconfig' command below.

fnsysctl ifconfig -a wan1

In general:

fnsysctl ifconfig -a <intf_name>

fwilliams_0-1664351829304.png

 

If the command is used without specifying an interface, it lists all the interfaces on the FortiGate.

The output also shows the error, drop, overrun, and collision counters:

- Overrun errors occur when there is more demand than the unit can handle, i.e. due to overload.

- Collision errors can be caused by wrong duplex settings, e.g. using half duplex.

Other useful information about the interface is also shown, such as the MAC address (HWaddr) and the transmitted and received traffic volume.

This command can also check a VPN tunnel interface (it is possible to see how far the MTU has been reduced on a VPN interface after deploying a certain 'encryption/authentication' algorithm).

See the screenshot below, and note the VPN interface’s MTU after some bytes have been spent on VPN overhead.

fwilliams_1-1664351881941.png
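
To review the counters described above across many interfaces, the saved command output can be parsed offline. The following is an added example, not part of the original article or Fortinet tooling: it assumes the output follows the classic ifconfig layout (MTU:, HWaddr, errors:, dropped:, overruns:, collisions:), and the sample text, interface values, and the expected_mtu parameter are constructed for illustration.

```python
import re

# Constructed sample in the classic ifconfig layout (assumed format, not real device output).
SAMPLE = """\
wan1    Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:120034 errors:17 dropped:3 overruns:2 frame:0
        TX packets:98011 errors:0 dropped:0 overruns:0 carrier:0
        collisions:41 txqueuelen:1000
        RX bytes:91234567 (87.0 MB)  TX bytes:45678901 (43.5 MB)

vpn1    Link encap:Unknown
        UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1438  Metric:1
        RX packets:5021 errors:0 dropped:0 overruns:0 frame:0
        TX packets:4870 errors:0 dropped:0 overruns:0 carrier:0
        collisions:0 txqueuelen:0
"""
COUNTERS = ("errors", "dropped", "overruns")

def parse_ifconfig(text):
    """Return {interface: {"mtu", "hwaddr", "collisions", "rx": {...}, "tx": {...}}}."""
    result = {}
    for block in re.split(r"\n\s*\n", text.strip()):  # one block per interface
        name = block.split()[0]
        mtu = re.search(r"MTU:(\d+)", block)
        mac = re.search(r"HWaddr\s+([0-9A-Fa-f:]{17})", block)
        coll = re.search(r"collisions:(\d+)", block)
        info = {"mtu": int(mtu.group(1)) if mtu else None,
                "hwaddr": mac.group(1) if mac else None,  # tunnels have no MAC
                "collisions": int(coll.group(1)) if coll else 0}
        for direction in ("RX", "TX"):
            line = re.search(rf"{direction} packets:.*", block)
            info[direction.lower()] = {
                c: int(re.search(rf"{c}:(\d+)", line.group(0)).group(1)) if line else 0
                for c in COUNTERS}
        result[name] = info
    return result

def findings(parsed, expected_mtu=1500):
    """List non-zero counters and any MTU below expected_mtu (hypothetical baseline)."""
    out = []
    for name, info in parsed.items():
        if info["mtu"] is not None and info["mtu"] < expected_mtu:
            out.append(f"{name}: MTU {info['mtu']} is below {expected_mtu}")
        for d in ("rx", "tx"):
            out += [f"{name}: {d.upper()} {c}={v}" for c, v in info[d].items() if v]
        if info["collisions"]:
            out.append(f"{name}: collisions={info['collisions']} (check duplex)")
    return out
```

Calling findings(parse_ifconfig(SAMPLE)) returns one line per issue, so a reduced tunnel MTU and non-zero error counters stand out without reading every interface block by hand.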