Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
khang8
New Contributor

Created on ‎08-23-2023 03:09 AM

Is it necessary to fine tune MTU setting for my Fortigate201E (verison 6)

I have a Fortigate201E. I setup port 15 to have IPSEC tunnel to another Huawei FW, with a fiber link. The IPSEC tunnel is setup correctly and both phase 1 and 2 is up

 

I want to connect a wireshark and monitor the link for any drop packet or error. How do I do that?

 

Thanks for any help.

 

Labels:
284
0 Kudos
5 REPLIES 5
khang8
New Contributor

Created on ‎08-23-2023 03:11 AM

The reason why I want to monitor the link, is because someone told me the current MTU size of 1500 might be reduced with IPSEC tunnel overhead? not sure if this is true.

281
0 Kudos
srajeswaran
Staff
Staff
In response to khang8

Created on ‎08-23-2023 03:17 AM

By default the MTU of an IPsec VPN Interface is dynamically calculated, this is to accommodate the additional overhead added by IPSec encryption. Below articles explains the details.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-MTU-override-of-IPsec-VPN-interface/ta-p/1...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Tunnel-interface-MTU-value/ta-p/198748
https://www.fortinetguru.com/2019/06/ipsec-vpn-concepts-3/5/


Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

273
0 Kudos
khang8
New Contributor
In response to srajeswaran

Created on ‎08-23-2023 10:22 PM

Hi Suraj

So does it means I do not have to manually set MTU on that IPSEC tunnel interface?

 

Thanks for advice.

233
0 Kudos
srajeswaran
Staff
Staff
In response to khang8

Created on ‎08-23-2023 10:25 PM

That is correct. Unless you are facing some issues with traffic and the corresponding troubleshooting points fragmentation issues, you may leave the settings/values as it is.

Regards,

Suraj

- Have you found a solution? Then give your helper a "Kudos" and mark the solution.

229
0 Kudos
khang8
New Contributor
In response to srajeswaran

Created on ‎08-27-2023 10:07 PM Edited on ‎08-27-2023 10:09 PM By Community Manager

I have not confirmed if there's any fragmentation on the wireshark. Still in the process of confirming. Will reply once I got any update. Thanks for your advice. 

 

Regards,

Kwang Heng

209
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.