Description
This article describes an issue where OSPF peering may not come up after a FortiOS upgrade. For example, in FortiOS 6.4 and later, the way the IPsec interface MTU is calculated changed.
As a side effect of this change, an issue can be observed where OSPF over an IPsec interface does not form a neighborship due to a mismatch of MTU sizes on each side.
Scope
FortiGate
Solution
The solution is to set the MTU on the OSPF interface, or to enable mtu-ignore on it, under 'config router ospf':
    config router ospf
        config ospf-interface
            edit int_1
                set mtu xxxx    <----- Desired MTU size.
            next
        end
    end

or:

    config router ospf
        config ospf-interface
            edit int_1
                set mtu-ignore enable
            next
        end
    end
The current MTU on the OSPF interface can be verified with the command:

    get router info ospf interface

    IKE is up, line protocol is up
      Internet Address 10.10.0.1/32, Area 0.0.0.0, MTU 1446
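To confirm a mismatch after an upgrade, the output of this command from both ends of the tunnel can be parsed and the MTU values compared. The Python script below is an added example, not Fortinet code; it assumes only the two line shapes shown above, and the remote unit's output (address 10.10.0.2/32, MTU 1420) is a constructed sample.

```python
import re

# Line shapes taken from the command output shown above.
IFACE_RE = re.compile(r"^\s*(\S+) is .+, line protocol is \S+")
ADDR_RE = re.compile(r"Internet Address (\S+), Area (\S+), MTU (\d+)")

# First sample is the output from the article; the second is constructed.
LOCAL_OUTPUT = """IKE is up, line protocol is up
  Internet Address 10.10.0.1/32, Area 0.0.0.0, MTU 1446
"""
REMOTE_OUTPUT = """IKE is up, line protocol is up
  Internet Address 10.10.0.2/32, Area 0.0.0.0, MTU 1420
"""

def parse_ospf_interfaces(text):
    """Map interface name -> {'address', 'area', 'mtu'} from the CLI output."""
    interfaces, current = {}, None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            continue
        detail = ADDR_RE.search(line)
        if detail and current:
            address, area, mtu = detail.groups()
            interfaces[current] = {"address": address, "area": area, "mtu": int(mtu)}
            current = None
    return interfaces

def mtu_mismatches(local_text, remote_text, pairs):
    """Compare MTUs for each (local interface -> remote interface) pair.

    Returns (local_if, local_mtu, remote_if, remote_mtu) tuples for pairs that
    differ; an interface missing from the output is reported with MTU None.
    """
    local = parse_ospf_interfaces(local_text)
    remote = parse_ospf_interfaces(remote_text)
    findings = []
    for local_if, remote_if in pairs.items():
        local_mtu = local.get(local_if, {}).get("mtu")
        remote_mtu = remote.get(remote_if, {}).get("mtu")
        if local_mtu is None or remote_mtu is None or local_mtu != remote_mtu:
            findings.append((local_if, local_mtu, remote_if, remote_mtu))
    return findings

if __name__ == "__main__":
    for l_if, l_mtu, r_if, r_mtu in mtu_mismatches(LOCAL_OUTPUT, REMOTE_OUTPUT, {"IKE": "IKE"}):
        print(f"MTU mismatch: local {l_if}={l_mtu}, remote {r_if}={r_mtu}")
```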