Hi All,
A heads up here. We had some downtime for a bandwidth upgrade so at the same time we thought we would upgrade our 200D to V5.2.1. - which we have working fine elsewhere. This worked fine in most aspects BUT:
An Ironport cluster and a VMware application running over an IPsec VPN would disconnect almost every 59mins 23 (ish) seconds. Then reconnect. VPN's would stay up no errors or other notifications. It was so regular we knew it must be a timer or something somewhere - but we could not find it. We did packet traces of the disconnects and found that at the time of the disconnects 'something' was causing the application(s) to reset all its sessions.
We chased the ISP blaming the new link and looking at all manner of things that could be causing this, all to no avail. Today we reverted to V5.2.0 Build 589 - so far we have not had one disconnect (3hrs). The config on the Firewall is exactly the same.
I hope this stops someone else pulling their hair out. If the resets 'come back' I'll update this post.
Solved! Go to Solution.
Hi,
I can't find the relevant article but I believe you will find that is related to interface MTU / TCP MSS - try the following:
set tcp-mss 1380
set mtu-override enable set mtu 1454
These will be set on your WAN interface. You can play with the sizes to optimise them.
Cheers
Dickie wrote:Hi,
I can't find the relevant article but I believe you will find that is related to interface MTU / TCP MSS - try the following:
set tcp-mss 1380
set mtu-override enable set mtu 1454
These will be set on your WAN interface. You can play with the sizes to optimise them.
Cheers
You are awesome! I had a customer with a broken application that worked prior to the FWF-60D being installed. We could telnet to the correct ports, but the application would fail. I applied the above changes to WAN1 and it works. Please note, this was on 5.08.
Hi.
this tcp-mss 1380
mtu 1454
The 1380 and 1454 ,How to calculate?
1380 can barely understand, 1454 really do not understand, I hope you can help me answer.
English is a bit bad, hope you can understand
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1739 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.