Fortinet Document Library

Version:


Table of Contents

New Features

6.2.0
Download PDF
Copy Link

Option to Fragment IP Packets Before IPSec Encapsulation

A new ip-fragmentation option has been added to control fragmentation of packets before IPsec encapsulation, which can benefit packet loss in some environments.

The following options are available for the ip-fragmentation variable:

Option

Description

pre-encapsulation Fragment before IPsec encapsulation.
post-encapsulation (default value) Fragment after IPsec encapsulation (RFC compliant).

You can only control this option using the CLI:

config vpn ipsec phase1-interface

edit "demo"

set interface "port1"

set authmethod signature

set peertype any

set net-device enable

set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

set ip-fragmentation pre-encapsulation

set remote-gw 172.16.200.4

set certificate "Fortinet_Factory"

next

end

Option to Fragment IP Packets Before IPSec Encapsulation

A new ip-fragmentation option has been added to control fragmentation of packets before IPsec encapsulation, which can benefit packet loss in some environments.

The following options are available for the ip-fragmentation variable:

Option

Description

pre-encapsulation Fragment before IPsec encapsulation.
post-encapsulation (default value) Fragment after IPsec encapsulation (RFC compliant).

You can only control this option using the CLI:

config vpn ipsec phase1-interface

edit "demo"

set interface "port1"

set authmethod signature

set peertype any

set net-device enable

set proposal aes128-sha256 aes256-sha256 aes128-sha1 aes256-sha1

set ip-fragmentation pre-encapsulation

set remote-gw 172.16.200.4

set certificate "Fortinet_Factory"

next

end