Hi,
we have a IPSec connection from our main 200F (7.4.4) firewalls to Azure. Users complain about performance so we are checking the connection. We use AES126 256SHA and have 6 networks in P2.
We checked package capture and we saw retransmissions so thats why we would like changing MTU.
First the MTU, we get through by: ping x.x.x.x -f -l 1280, so I thought 1280 + 28 = 1308 should be best MTU config, correct?
Changing the MTU for the VPN interface would affect all connections in Phase2?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
There is no specific MTU setting for Azure and if you are facing performance issues the it could some other reason to including if any DOS policy and performance issue
But for MTU you can try to change the MTU size in interface and test it and yes it will impact the connection so try in off business hour .
https://community.fortinet.com/t5/Support-Forum/Specify-MTU-for-an-IPSec-Tunnel/m-p/88004
Hi,
we configured the VPN with cookbook recomandations. Also we set 1380 as MTU for the IPSec interface. The upload speed for big files is good but upload for small files are < 400kbs which is really slow.
Also we have errors and retransmissions while doing package capture.
Any more recomandations? We are planing to change to L3 connection to Azure but we would like to be sure that we gain something in speed.
Thanks
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.