Hi everyone,
I got a Fortigate 60E and I got an issue with the syslog (fortianalyser) & SNMP queries going over what the IPSEC tunnel can do.
I have Tx errors on the IPSec interface, which is usually due to MTU issues and that's exactly the case and the culprit are... the FortiGate itself that is sending SNMP & Syslog packets over the 1422 MTU the IPSec tunnel has.
The source IP is a Loopback.
I couldn't find a way to decrease the size of neither the Syslog or the SNMP messages in FortiOS 6.0.X. I've checked the CLI of 6.2.X but can't find a way either. You cannot set the MTU of a loopback and you can't set the size of the responses in the configuration, or at least I haven't found the setting yet.
Have you ever encountered this issue ? and how did you solve it ?
PS: I don't really want to set the set honor-df to disable as it will create more workload to reassemble everything.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
First, change the mode of syslog from UDP to TCP,
# config log syslogd setting
# set mode reliable
# end
What I would suggest is that you can try to change the tcp mss value in the policy for the VPN traffic. Try matching the Syslog messages only in that policy for testing.
# config firewall policy
# edit <Policy ID>
# set tcp-mss-sender 1000
# set tcp-mss-receiver 1000
# end
Let me know if that works or not.
Regards,
Patel
tcp-mss adjustment would help on tcp traffic but I'm reliable surprise the fortianalyzer is not already using tcp to begin with. On SNMP that's all UDP and I personally never seen a packet go over 1200 bytes.
How you can test the maxsize is to walk the device and look at the packets
e.g from a linux device with snmp-utility
In one window
snmpwalk -c "mystringforcommunity" -v2c x.x..x.x
In 2nd window
tcpdump -nnnvv -i eth0 host x.x.x.x and port 161 and greater 1200
Ken Felix
PCNSE
NSE
StrongSwan
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.