Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
thund31
New Contributor

configure MTU for routing on 200D?

I mean, i have two physical switch connecting to a fortigate 200D and these two switches are using differnt VLAN IP subnets therefore the fortigate is acting as a router(static routing, not using dynamic).

 

The two switches had MTU 9000 jumbo configured on all ports and I want to make the transmission between the two switches consistent so the ports on the fortigate that are connected to the 2 switches had MTU 9000 configured too.

 

now, there's a confusing doubt about routing MTU. I checked this document but still not sure: https://docs.fortinet.com/document/fortigate/6.0.0/handbook/822669/interface-mtu-packet-size

 

Do I need to configure the routing MTU or something on this fortigate firewall(to ensure that the correct frame size will be consistent between the 2 switches after the routing happened)?

thanks in advance!

5 REPLIES 5
Toshi_Esumi
Esteemed Contributor III

If ethernet frames comes through the FGT over the ethernet cable between the switches and the FGT and you want jumbo packets to go/come through without fragmentation, you need to configure the MTU on the FGT interfaces as in the handbook.

thund31

@toshi esumi

thanks for the answer!

 

i forgot to say...

i doubt that whether the routing mtu should be configure on the fortigate to avoid packet fragmentation or not cause i need a consistent MTU size throughout the routing and connection between end point.

 

is the default routing mtu on fortigate 1500 or not?

ede_pfau
Esteemed Contributor III

Yes, it is 1500 bytes.

I don't see where the cited handbook chapter is ambiguous. If you need a non-standard MTU you have to set it on all interfaces involved (MTU is set on the physical interface on a FGT, a VLAN port inherits it) across the FGT and all switches.

I am not aware of a "routing MTU", a value especially set for routing traffic.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Toshi_Esumi
Esteemed Contributor III

If you have doubt, you can verify with "fnsysctl ifconfig -a <interface_name>".

emnoc
Esteemed Contributor III

What he said and " diag netlink interface list | grep <interface name> "

 

As far as routing-mtu that is a feature seen in  linux/unix where you can set route and the mtu per that route. That is not doable from within fortios

 

Ken Felix

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors