I'm having some problems with my VXLAN over IPsec implementation. I'm able to establish a connection to the remote site. Telnet, SSH, RDP and VoIP are working fine, but Outlook and some HTTP or HTTPS applications don't work. I have read many articles about this issue and all say that it is an MTU or fragmentation issue. But I followed all the recommendations and nothing seems to work.
The first thing I noticed is that the VPN interface, Software-switch and vxlan MTU were set to 1370. I managed to bring the VPN and vxlan MTU to 9000 and the Software-switch to 1500. My physical interfaces are all set to the max MTU (9216). I also disabled the honor-df bit, but the maximum MTU that I can pass without fragmentation is 1472. And I think that is fine because 1472 + 28 (header overhead) = 1500. But I still can't get Outlook to work. I also adjusted the MSS in the policy to 1432 (1472-40). Also, I lowered my encryption to 3DES SHA1.
My main FW is a 100F and the remote is a 60F. I'm running 7.2.4.
I will appreciate any information that you can provide.