Re: FortiOS 6.2.3 is out
I am pretty much sure there's an issue or a change in packet processing defaults regarding packet size/mtu/fragmentation between FortiOS 6.2.2 and 6.2.3. I am using FGT92D with PPPoE uplink (8 bytes of overhead) on an ordinary Ethernet link (1500 MTU). The system is a gateway for some TCP baced services (SSH, SMTP, POP3, IMAP, HTTPS, RDP, ...) behind a NAT (RFC1918 network) and when updating from 6.2.2 to 6.2.3 the connection drops when trying to let's say send an email over TLS, or even doing a "show full-configuration" over couple of SSH connections. I opened a ticket and did multiple tests with TAC Engineer and I am able to reproduce the issue every time when upgrading to 6.2.3. I could change tcp-mss-* values in every policy and/or set tcp-mss on an interface, but i'd really like the system would have the same processing of packets as it did in 6.2.2. Could someone that has a lab environment confirm this?