When setting up an Amazon VPC VPN connection, when one clicks "download configuration" and selects Fortigate 4.0, the following is provided within the configuration file.
However, when this is executed in the Fortigate 70D CLI, the following error occurs:
> command parse error before 'mtu'
> Command fail. return code -61
Is there a way to set the MTU value on a Fortigate 70D running 5.2.x?
```
config system interface
    edit "vf00894a8-0-p1"
        set vdom "root"
        set ip 169.254.10.134 255.255.255.255
        set allowaccess ping
        set type tunnel
        set tcp-mss 1387
        set remote-ip 169.254.10.133
        set mtu 1427
        set interface "wan1"
    next
end
```
The answer is as follows:
From the CLI Reference for 5.2.6:
> (mtu-override) Select enable to use custom MTU size instead of default (1500). This is available only for physical interfaces and some tunnel interfaces (not IPsec). Some models support MTU sizes larger than the standard 1500 bytes.
It is a bit strange, perhaps, that Amazon's downloadable config for Fortigates contains an MTU override. Perhaps this was available in the 4.0 operating system which the Amazon config is based upon. I also wonder if this has something to do with the ASICs which I believe are used to process some or all IPSEC VPN traffic on some models, including the 70D.
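As an added example (not part of the original posts, and not Fortinet or AWS tooling): a small Python check that scans a downloaded FortiGate config for `set mtu` inside an interface block declared `set type tunnel`, the line the 5.2.x CLI rejects above, and returns a copy without it. The function name `lint_tunnel_mtu` and the `port1` block are made up for illustration; dropping the line assumes the rest of the block is accepted, which the error shown (it names only `mtu`) suggests but the thread does not confirm.

```python
import shlex

# Sample input: the tunnel block from the post, plus a constructed physical
# interface block ("port1" is a made-up name) for contrast.
SAMPLE = '''\
config system interface
    edit "vf00894a8-0-p1"
        set vdom "root"
        set ip 169.254.10.134 255.255.255.255
        set allowaccess ping
        set type tunnel
        set tcp-mss 1387
        set remote-ip 169.254.10.133
        set mtu 1427
        set interface "wan1"
    next
    edit "port1"
        set mtu-override enable
        set mtu 1400
    next
end
'''

def lint_tunnel_mtu(text):
    """Return (findings, cleaned_text) for `set mtu` lines in tunnel blocks."""
    lines = text.splitlines()
    findings, drop = [], set()
    name, is_tunnel, mtu_lines = None, False, []
    for no, raw in enumerate(lines, 1):
        tok = shlex.split(raw)          # handles the quoted names
        if not tok:
            continue
        if tok[0] == "edit" and len(tok) > 1:
            name, is_tunnel, mtu_lines = tok[1], False, []
        elif tok[0] == "set" and name is not None and len(tok) > 1:
            if tok[1] == "type" and tok[2:] == ["tunnel"]:
                is_tunnel = True
            elif tok[1] == "mtu":       # exact match, so mtu-override is ignored
                mtu_lines.append(no)
        elif tok[0] in ("next", "end") and name is not None:
            if is_tunnel:               # decide once the whole block has been seen
                for n in mtu_lines:
                    findings.append((name, n, lines[n - 1].strip()))
                    drop.add(n)
            name = None
    cleaned = "\n".join(l for n, l in enumerate(lines, 1) if n not in drop)
    return findings, cleaned + "\n"
```

The check waits for `next` before deciding, so it still flags the line when `set mtu` appears before `set type tunnel` in a block.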