Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
victorzx
New Contributor

Change MTU size in fortigate 90d

Hello

 

I have a problem. I have a gvc3200 that is a videoconference system. So I have some problem with that. When I do a audio call there is no problem but when I do a video call with other equip there is a problem. I did a packet capture and I saww that fortigate truncated a lot of packet because the mtu is larger than 1500 mtu. So I change some configuration of gvc3200 in order to make a packet with 1500 mtu or less but for that. I removed somw feature that gvc3200 give me. I want to know if there is a way to tell fortigate to set 2000mtu or more for the gvc3200 ip adrress o how to change mtu in order to pass video call more than 1500 mtu. Sorry about my english

3 REPLIES 3
emnoc
Esteemed Contributor III

Yes  but  this is not what you should be doing imho or understand the risk of what impact with a mtu greater than  1500bytes.

 

BTW: i'm not aware of any videoconf systems  that needs UDP or TCP packets greater than 1500bytes  audio or video.

 

If this call is going over public internet  it would probably lead into other issues or worsen your issues.

 

Are we talking about TCP or UDP?

 

In order to change the interface MTU you need todo this in the cli

 

e.g

 

  config system interface     edit "port7"         set vdom "root"         set type physical         set mtu-override enable         set mtu 2000     next end

           

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
victorzx
New Contributor

I talked with grandstream and they tell me that mtu packet is more than 1500. They see our packet capture and they tell me to change mtu size. We hava a vpn with another office and I want to uses gvc3200 to make a videoconferences, Can you tell me the problem o make mtu bigger over internet? And you tell me to change mtu in physicaly interfaces. Is there a way to change mtu only a one ip address or a vlan maybe? And I use udp protocol. The problem is gvc3200 use BFCP protocol and with that feature to share presentation, mtu is bigger thant 1500 mtu

emnoc
Esteemed Contributor III

 

 

That might be true but if this traffic is going over a internet path for example,  than anything bigger than 1500bytes is going to be dropped if a DF bit is set.

 

Voice surely does NOT need a packet size greater than 1500bytes

Streaming Video is the same

Video Realtime is the same depending on codec

 

Think about it,

    do you need 1500+bytes to do a google video or skype call ? NO!

    if you had a video call via skype or hangout with a packet size of more than 1500bytes what happens  when you hit the internet ( fragmentation or drops if DF is set )

 

And lastly, most IPS systems are frowning on multiple fragments with UDP since layer4 header information is NOT present.

 

 

We hava a vpn with another office and I want to uses gvc3200 to make a videoconferences,

 

The  VPN will have overhead that would make your effective MTUsize much smaller.

 

 

Ken

 

 

Ken

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Labels
Top Kudoed Authors