New Contributor

Decrease size of Syslog & SNMP to avoid going over IPSEC MTU

Hi everyone,


I have a FortiGate 60E and I have an issue with the syslog (FortiAnalyzer) & SNMP queries going over what the IPsec tunnel can do.


I have Tx errors on the IPsec interface, which is usually due to MTU issues, and that's exactly the case: the culprit is... the FortiGate itself, which is sending SNMP & Syslog packets larger than the 1422 MTU the IPsec tunnel has.


The source IP is a Loopback.


I couldn't find a way to decrease the size of either the Syslog or the SNMP messages in FortiOS 6.0.X. I've checked the CLI of 6.2.X but can't find a way either. You cannot set the MTU of a loopback, and you can't set the size of the responses in the configuration, or at least I haven't found the setting yet.


Have you ever encountered this issue? And how did you solve it?


PS: I don't really want to set honor-df to disable, as it will create more workload to reassemble everything.

New Contributor III



First, change the mode of syslog from UDP to TCP:


config log syslogd setting
    set mode reliable
end


What I would suggest is that you try changing the TCP MSS value in the policy for the VPN traffic. Try matching the Syslog messages only in that policy for testing.


config firewall policy
    edit <Policy ID>
        set tcp-mss-sender 1000
        set tcp-mss-receiver 1000
    next
end


Let me know if that works or not.
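The two numbers in this thread, a 1422-byte tunnel MTU and a proposed MSS of 1000, are connected by the ESP encapsulation overhead. The following calculator is an added example, not code from the forum thread or from Fortinet: it models ESP tunnel mode per RFC 4303 and derives the largest inner packet, UDP payload and TCP MSS that still fit a given outer MTU. The cipher parameters are assumptions (AES-CBC with a 16-byte IV and 16-byte block, a 12-byte HMAC-SHA1-96 ICV by default; an AES-GCM variant is shown too), and the real overhead depends on the phase-2 proposal the FortiGate actually negotiated, so the values are illustrative.

```python
"""ESP tunnel-mode packet-size calculator.

Added example, not code from the forum thread or from Fortinet. Assumptions
(labelled): IPv4 outer header, ESP per RFC 4303, and by default AES-CBC
(16-byte IV, 16-byte cipher block) with a 12-byte ICV (HMAC-SHA1-96). The
real overhead depends on the negotiated phase-2 proposal.
"""

IPV4_HEADER = 20   # outer (and inner) IPv4 header without options
TCP_HEADER = 20
UDP_HEADER = 8
ESP_SPI_SEQ = 8    # ESP header: SPI (4) + sequence number (4)
ESP_TRAILER = 2    # pad length (1) + next header (1)
NAT_T_UDP = 8      # extra UDP/4500 header when NAT traversal is active


def esp_tunnel_size(inner_len, iv_len=16, block=16, icv_len=12, nat_t=False):
    """Bytes on the wire for an inner IPv4 packet of inner_len bytes after
    ESP tunnel-mode encapsulation.

    The inner packet plus the 2-byte trailer is padded so the trailer ends on
    a cipher-block boundary (RFC 4303 requires at least 4-byte alignment;
    CBC modes need a full block, GCM only the 4-byte minimum).
    """
    plaintext = inner_len + ESP_TRAILER
    padding = (-plaintext) % block
    size = IPV4_HEADER + ESP_SPI_SEQ + iv_len + plaintext + padding + icv_len
    if nat_t:
        size += NAT_T_UDP
    return size


def tunnel_mtu(outer_mtu, **esp):
    """Largest inner packet that still fits in outer_mtu after encapsulation.
    esp_tunnel_size is non-decreasing in inner_len, so walk down from outer_mtu."""
    for inner in range(outer_mtu, 0, -1):
        if esp_tunnel_size(inner, **esp) <= outer_mtu:
            return inner
    return 0


def max_udp_payload(tunnel_mtu_bytes):
    """Largest UDP payload (one syslog message or one SNMP response) that fits
    in a single inner packet without fragmentation."""
    return tunnel_mtu_bytes - IPV4_HEADER - UDP_HEADER


def max_tcp_mss(tunnel_mtu_bytes):
    """Largest TCP MSS a policy may advertise so that a full-size segment still
    fits the tunnel (MSS excludes the IP and TCP headers)."""
    return tunnel_mtu_bytes - IPV4_HEADER - TCP_HEADER


def fits(inner_len, outer_mtu, **esp):
    """True if an inner packet of inner_len bytes crosses the tunnel without
    fragmentation (or without a drop when DF is set and honoured)."""
    return esp_tunnel_size(inner_len, **esp) <= outer_mtu


if __name__ == "__main__":
    # Figures from the thread: a 1422-byte tunnel MTU and a proposed MSS of 1000.
    print("AES-CBC/HMAC-SHA1 tunnel MTU on a 1500-byte link:", tunnel_mtu(1500))
    print("AES-GCM tunnel MTU on a 1500-byte link:",
          tunnel_mtu(1500, iv_len=8, block=4, icv_len=16))
    print("Max UDP syslog/SNMP payload for a 1422 tunnel MTU:", max_udp_payload(1422))
    print("Max TCP MSS for a 1422 tunnel MTU:", max_tcp_mss(1422))
    print("1422-byte inner packet fits a 1500 link (CBC)?", fits(1422, 1500))
    print("1440-byte inner packet fits a 1500 link (CBC)?", fits(1440, 1500))
```

For a 1422-byte tunnel MTU the largest safe MSS is 1382, so 1000 is a conservative choice that also leaves room for NAT-T or a larger ICV; the UDP figure (1394 bytes of payload) is the bound that syslog-over-UDP and SNMP responses would have to respect, which the thread notes cannot be configured on the sending side.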





Esteemed Contributor III

tcp-mss adjustment would help on TCP traffic, but I'm really surprised the FortiAnalyzer is not already using TCP to begin with. SNMP is all UDP, and I personally have never seen a packet go over 1200 bytes.



How you can test the max size is to walk the device and look at the packets,


e.g. from a Linux device with the snmp utilities:


In one window:


snmpwalk -c "mystringforcommunity" -v2c x.x.x.x


In a 2nd window:


tcpdump -nnnvv -i eth0 host x.x.x.x and port 161 and greater 1200


Ken Felix





PCNSE NSE StrongSwan
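The same check can be run after the fact on a capture written with `tcpdump -w`. The script below is an added example, not code from the forum thread: it parses a classic pcap file and lists every UDP datagram on a given port whose IP total length exceeds a limit, which is the quantity that has to fit the tunnel MTU (tcpdump's `greater` compares the Ethernet frame length instead). A small capture with constructed frames is built inline so it runs offline; the addresses, ports and payload sizes are invented for the demonstration.

```python
"""Offline equivalent of `tcpdump ... port 161 and greater 1200`.

Added example, not from the forum thread. Parses a little-endian classic pcap
(as written by `tcpdump -w`) with an Ethernet link type and reports oversized
UDP datagrams. The sample capture at the bottom is constructed.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
PROTO_UDP = 17
PCAP_MAGIC = 0xA1B2C3D4


def _ipv4_checksum(header):
    """One's-complement checksum over an IPv4 header (checksum field zeroed)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_udp_frame(src, dst, sport, dport, payload):
    """Ethernet + IPv4 + UDP frame; UDP checksum left at 0 (legal for IPv4)."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64,
                     PROTO_UDP, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    eth = b"\x02" * 6 + b"\x02" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + udp


def build_pcap(frames):
    """Classic pcap (LINKTYPE_ETHERNET = 1) from (timestamp, frame) pairs."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in frames:
        out.append(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def udp_datagrams(pcap):
    """Yield (ts, src, dst, sport, dport, ip_len, frame_len) for each IPv4/UDP
    frame in the capture; non-IPv4 and non-UDP frames are skipped."""
    magic, = struct.unpack("<I", pcap[:4])
    if magic != PCAP_MAGIC:
        raise ValueError("only little-endian classic pcap is handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts, _, incl, _ = struct.unpack("<IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        ip_len = struct.unpack("!H", ip[2:4])[0]
        if ip[9] != PROTO_UDP:
            continue
        src = ".".join(map(str, ip[12:16]))
        dst = ".".join(map(str, ip[16:20]))
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        yield ts, src, dst, sport, dport, ip_len, len(frame)


def oversized(pcap, port=161, limit=1200):
    """Datagrams to or from `port` whose IP total length exceeds `limit`.
    IP total length, not the Ethernet frame length, is what has to fit the
    tunnel MTU."""
    return [d for d in udp_datagrams(pcap) if port in (d[3], d[4]) and d[5] > limit]


# Constructed sample capture: one SNMP request, two large SNMP responses and
# one syslog datagram. Addresses and sizes are invented for the demo.
AGENT, MANAGER = "10.0.0.1", "10.0.1.50"
SAMPLE_PCAP = build_pcap([
    (1, build_udp_frame(MANAGER, AGENT, 40000, 161, b"\x30" * 60)),
    (2, build_udp_frame(AGENT, MANAGER, 161, 40000, b"\x30" * 1300)),
    (3, build_udp_frame(AGENT, MANAGER, 161, 40000, b"\x30" * 1400)),
    (4, build_udp_frame(AGENT, "10.0.1.60", 40001, 514, b"<134>" * 300)),
])

if __name__ == "__main__":
    for ts, src, dst, sport, dport, ip_len, frame_len in oversized(SAMPLE_PCAP):
        print(f"t={ts} {src}:{sport} -> {dst}:{dport} ip_len={ip_len} frame={frame_len}")
```

To use it on a real capture, replace `SAMPLE_PCAP` with `open("snmp.pcap", "rb").read()` and set `limit` to the tunnel MTU reported by the FortiGate; anything listed would either be fragmented or, with DF set and honoured, dropped at the tunnel.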
