Configuring interfaces

Network configuration

 

 

Changing the MTU size to improve network performance

To improve network performance, you can change the maximum transmission unit (MTU) of the packets that the FortiGate unit transmits from any interface. Ideally, this MTU should be the same as the smallest MTU of all the networks between the FortiGate unit and the destination of the packets. If the packets that the FortiGate unit sends are larger, they are broken up or fragmented, which slows down transmission. Experiment by lowering the MTU to find an MTU size for best network performance.

To change the MTU size of the packets leaving an interface

1. Go to System > Network > Interface.

2. Choose an interface and select Modify.

3. Select Override default MTU value (1500).

4. Set the MTU size.

Set the maximum packet size. For manual and DHCP addressing mode the MTU size can be from 576 to 1500 bytes. For PPPoE addressing mode the MTU size can be from 576 to 1492 bytes.
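One way to run the "experiment by lowering the MTU" step from a host behind the FortiGate unit, as an added example that is not part of the manual: a binary search with Don't Fragment pings, bounded by the ranges given above. It assumes IPv4 and Linux iputils `ping`; the function names `probe`, `mtu_ceiling` and `find_path_mtu` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: find the largest MTU that crosses a path unfragmented,
# limited to the ranges the FortiGate accepts (576-1500, or 576-1492 for PPPoE).
# Assumes Linux iputils ping (-M do sets Don't Fragment) and IPv4.

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP header

# probe HOST MTU: succeed if a DF-flagged packet of total size MTU gets a reply.
# Other platforms (or tests) can redefine this function.
probe() {
    ping -c 1 -W 1 -M do -s "$(( $2 - IP_ICMP_OVERHEAD ))" "$1" >/dev/null 2>&1
}

# mtu_ceiling MODE: upper limit from the manual for the addressing mode.
mtu_ceiling() {
    case "$1" in
        pppoe)       echo 1492 ;;
        manual|dhcp) echo 1500 ;;
        *)           return 1 ;;
    esac
}

# find_path_mtu HOST MODE: binary search between 576 and the mode's ceiling.
# Prints the largest working MTU; returns 1 if even 576 fails or MODE is unknown.
find_path_mtu() {
    local host=$1 lo=576 hi mid
    hi=$(mtu_ceiling "$2") || return 1
    probe "$host" "$lo" || return 1      # host unreachable or path MTU below 576
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))     # round up so the loop always advances
        if probe "$host" "$mid"; then
            lo=$mid                      # mid fits: search higher
        else
            hi=$(( mid - 1 ))            # mid needs fragmenting: search lower
        fi
    done
    echo "$lo"
}

# Run only when called with arguments: ./pathmtu.sh <host> [manual|dhcp|pppoe]
if [ "$#" -ge 1 ]; then
    find_path_mtu "$1" "${2:-manual}" || { echo "no usable MTU found" >&2; exit 1; }
fi
```

If ICMP echo is filtered somewhere on the path, every probe fails and the function reports no usable MTU, so test against a destination that answers pings.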

Configuring traffic logging for connections to an interface

To configure traffic logging for connections to an interface

1. Go to System > Network > Interface.

2. Choose an interface and select Modify.

3. Select the Log check box to record log messages whenever a firewall policy accepts a connection to this interface.

4. Select OK to save the changes.

Configuring the management interface in Transparent mode

Configure the management interface in Transparent mode to set the management IP address of the FortiGate unit. Administrators connect to this IP address to administer the FortiGate unit. The FortiGate unit also uses this IP address to connect to the FDN for virus and attack updates (see “Updating antivirus and attack definitions” on page 117).

You can also configure the management interface to control how administrators connect to the FortiGate unit for administration and the FortiGate interfaces to which administrators can connect.

Allowing administrative access to a FortiGate interface connected to the Internet permits remote administration of the FortiGate unit from any location on the Internet. However, allowing remote administration from the Internet could compromise the security of the FortiGate unit. You should avoid allowing administrative access for an interface connected to the Internet unless this is required for your configuration. To improve the security of a FortiGate unit that allows remote administration from the Internet:

Use secure administrative user passwords,

Change these passwords regularly,


Fortinet Inc.

Fortinet FortiGate-800 manual, page 144