Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
thund31
New Contributor

Created on ‎01-28-2021 02:14 AM

configure MTU for routing on 200D?

I mean, i have two physical switch connecting to a fortigate 200D and these two switches are using differnt VLAN IP subnets therefore the fortigate is acting as a router(static routing, not using dynamic).

 

The two switches had MTU 9000 jumbo configured on all ports and I want to make the transmission between the two switches consistent so the ports on the fortigate that are connected to the 2 switches had MTU 9000 configured too.

 

now, there's a confusing doubt about routing MTU. I checked this document but still not sure: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/822669/interface-mtu-packet-size

 

Do I need to configure the routing MTU or something on this fortigate firewall(to ensure that the correct frame size will be consistent between the 2 switches after the routing happened)?

thanks in advance!

3687
0 Kudos
5 REPLIES 5
Toshi_Esumi
SuperUser
SuperUser

Created on ‎01-28-2021 10:02 AM

If ethernet frames comes through the FGT over the ethernet cable between the switches and the FGT and you want jumbo packets to go/come through without fragmentation, you need to configure the MTU on the FGT interfaces as in the handbook.

2700
0 Kudos
thund31
New Contributor
In response to Toshi_Esumi

Created on ‎02-02-2021 10:59 PM

@toshi esumi

thanks for the answer!

 

i forgot to say...

i doubt that whether the routing mtu should be configure on the fortigate to avoid packet fragmentation or not cause i need a consistent MTU size throughout the routing and connection between end point.

 

is the default routing mtu on fortigate 1500 or not?

2700
0 Kudos
ede_pfau
SuperUser
SuperUser
In response to thund31

Created on ‎02-03-2021 01:29 AM

Yes, it is 1500 bytes.

I don't see where the cited handbook chapter is ambiguous. If you need a non-standard MTU you have to set it on all interfaces involved (MTU is set on the physical interface on a FGT, a VLAN port inherits it) across the FGT and all switches.

I am not aware of a "routing MTU", a value especially set for routing traffic.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
2700
0 Kudos
Toshi_Esumi
SuperUser
SuperUser
In response to ede_pfau

Created on ‎02-03-2021 08:24 AM

If you have doubt, you can verify with "fnsysctl ifconfig -a <interface_name>".

2700
0 Kudos
emnoc
Esteemed Contributor III
In response to Toshi_Esumi

Created on ‎02-03-2021 09:09 AM

What he said and " diag netlink interface list | grep <interface name> "

 

As far as routing-mtu that is a feature seen in  linux/unix where you can set route and the mtu per that route. That is not doable from within fortios

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
2700
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.