I have a Fortigate201E. I setup port 15 to have IPSEC tunnel to another Huawei FW, with a fiber link. The IPSEC tunnel is setup correctly and both phase 1 and 2 is up
I want to connect a wireshark and monitor the link for any drop packet or error. How do I do that?
Thanks for any help.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The reason why I want to monitor the link, is because someone told me the current MTU size of 1500 might be reduced with IPSEC tunnel overhead? not sure if this is true.
By default the MTU of an IPsec VPN Interface is dynamically calculated, this is to accommodate the additional overhead added by IPSec encryption. Below articles explains the details.
https://community.fortinet.com/t5/FortiGate/Technical-Tip-MTU-override-of-IPsec-VPN-interface/ta-p/1...
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Tunnel-interface-MTU-value/ta-p/198748
https://www.fortinetguru.com/2019/06/ipsec-vpn-concepts-3/5/
Hi Suraj
So does it means I do not have to manually set MTU on that IPSEC tunnel interface?
Thanks for advice.
That is correct. Unless you are facing some issues with traffic and the corresponding troubleshooting points fragmentation issues, you may leave the settings/values as it is.
Created on 08-27-2023 10:07 PM Edited on 08-27-2023 10:09 PM By Anthony_E
I have not confirmed if there's any fragmentation on the wireshark. Still in the process of confirming. Will reply once I got any update. Thanks for your advice.
Regards,
Kwang Heng
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.