Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RolandBaumgaertner72
Contributor

Best MTU Config for IPSec to Azure

Hi,

 

we have a IPSec connection from our main 200F (7.4.4) firewalls to Azure. Users complain about performance so we are checking the connection. We use AES126 256SHA and have 6 networks in P2.

 

We checked package capture and we saw retransmissions so thats why we would like changing MTU.

 

First the MTU, we get through by: ping x.x.x.x -f -l 1280, so I thought 1280 + 28 = 1308 should be best MTU config, correct?

 

Changing the MTU for the VPN interface would affect all connections in Phase2?

 

Thanks!

 

 

2 REPLIES 2
msolanki
Staff
Staff

Hello,

 

There is no specific MTU setting for Azure and if you are facing performance issues the it could some other reason to  including if any DOS policy and performance issue 

But for MTU you can try to change the MTU size in  interface and test it and yes it will impact the connection so try in off business hour .

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-MTU-override-of-IPsec-VPN-interface/ta-p/1...

https://community.fortinet.com/t5/Support-Forum/Specify-MTU-for-an-IPSec-Tunnel/m-p/88004

RolandBaumgaertner72
Contributor

Hi,

 

we configured the VPN with cookbook recomandations. Also we set 1380 as MTU for the IPSec interface. The upload speed for big files is good but upload for small files are < 400kbs which is really slow.

 

Also we have errors and retransmissions while doing package capture.

 

Any more recomandations? We are planing to change to L3 connection to Azure but we would like to be sure that we gain something in speed.

 

Thanks

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors