Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
julianhaines
New Contributor

Created on ‎05-02-2024 01:30 AM Edited on ‎05-02-2024 02:30 AM

FortiGate FGT200F MTU 7.v7.4.3 build2573 (Feature)

Good day,

 

I am using the SSL VPN on my FortiGate FGT200F in full tunnel mode and after upgrading to the latest version of the firmware "7.v7.4.3 build2573 (Feature)" the VPN speed has been very slow and think this may be the cause.

 

I have been in contact with FortiGate support and they have said to try tweaking the MTU on my internet facing interfaces.

 

I don't really want to do this as will affect all traffic going through and not sure what systems it will affect, I have looked at my Firewall Profiles for the VPN IN & Out and can see the two settings below.

 

set tcp-mss-sender 0
set tcp-mss-receiver 0

 

Are these the setting I should change and not the interface MTU?

 

I have done a ping test for MTU and it come out at 1472 + 28 bytes = a MTU of 1500

 

The MSS values I think should be MTU - 40 bytes = a MSS of 1460


https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518

 

I am not an expert on this so can anyone give me some guidance on if what I am doing is correct.

 

Below is my speed test, don't understand why upload is fast and download is so slow.

Speed Test.png

 

Thanks

 

 

 

 

 

 

Labels:
134
0 Kudos
1 REPLY 1
smaruvala
Staff
Staff

Created on ‎05-02-2024 03:14 AM

Hi,

 

- You can try to use dtls which will have better performance. 

- MSS Setting will have impact on the TCP packets only. It reduces the segment size which essentially reduces the total size of the packet.

- I would not suggest to use the value "zero" in the configuration. You can try to change the value to 1400 and verify if it improves the performance. MSS value change will not have any impact if the communication is over udp.

 

Regards,

Shiva

108
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.