- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Problems with setting MTU
Greetings Forti Community,
I use a web application that I reach on a IP address in my company network over IPsec VPN.
It appears that the application sends a HTTP POST request to the server that can't get through the VPN tunnel, because the package is to big.
After I change my client VPN network interface to MTU 1350, it can send the package and the access works. I change it with the following command:
netsh interface ipv4 set subinterface "Ethernet 3" mtu=1350 store=persistent
After that I've tried to set the MTU of the VPN IPsec Tunnel to 1350 and restart my client, I still couldn't access the web application. I've also tried different MTU values on the Firewall, but it didn't really change anything. Only if I do it on the client per command line.
If I restart my client and start the FortiClient VPN, it seems that this resets my MTU on my client VPN network interface. So I'd have to execute the command to change my client MTU every time after I start the FortiClient.
Does anyone know how to set the MTU for the FortiClient, so my network interface always get the correct value, or how to get this to work on the Firewall?
Thank you very much for your help in advance!
Best,
Gary
Solved! Go to Solution.
- Labels:
-
FortiClient
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not seeing any way to adjust this automatically in the FortiClient unfortunately.
You may be able to adjust the TCP-MSS value in the SSLVPN's Firewall Policy instead.
See: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm not seeing any way to adjust this automatically in the FortiClient unfortunately.
You may be able to adjust the TCP-MSS value in the SSLVPN's Firewall Policy instead.
See: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for this! But my VPN Tunnel is IPSec. It seems that I don't have the option to edit the MSS value there, am I correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Read the KB @johnathan posted. The MSS adjustment is done at the policies handling IPSec traffic. Not at the interface.
Toshi
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the heads up! I got it wrong first.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you very much, this solved the problem! :)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, it can also be done on the interface level, as shown in the article below