Andy_G
Staff
Article Id 198647
Description
The purpose of the attached document is to explain how to avoid IP Fragmentation with the FortiGate TCP Maximum Segment Size feature when deploying FortiGate firewalls in GRE Tunnel mode.


Scope
Support for GRE tunneling was added in FortiOS 3.0.
Support for configuring TCP MSS in firewall policies was added in FortiOS 3.0 MR4.

Solution
Contents

* Introduction
* Network Components
* IP Fragmentation and Reassembly Overview
* TCP Maximum Segment Size (MSS) Overview
* GRE (Generic Routing Encapsulation) Overview
* Network Architecture
* FGT-1000C Configuration
* FGT-3600C Configuration
* Fortinet TCP-MSS-Sender Option
* Updated Firewall Policies on the 1000C and 3600C
* FortiGate 1000C Firewall Policy
* FortiGate 3600C Firewall Policy
* BreakingPoint Testing (Clients connecting to servers and downloading 32K files)
* First Test
* Second Test
