Configuring the – Fortinet FortiGate 4000 User Manual
Page 148
148
Fortinet Inc.
Configuring interfaces
Network configuration
Changing the MTU size to improve network performance
To improve network performance, you can change the maximum transmission unit
(MTU) of the packets that the FortiGate unit transmits from any interface. Ideally, this
MTU should be the same as the smallest MTU of all the networks between the
FortiGate unit and the destination of the packets. If the packets that the FortiGate unit
sends are larger, they are broken up or fragmented, which slows down transmission.
Experiment by lowering the MTU to find an MTU size for best network performance.
To change the MTU size of the packets leaving an interface
1
Go to System > Network > Interface.
2
Choose an interface and select Modify
.
3
Select Override default MTU value (1500).
4
Set the MTU size.
Set the maximum packet size. For manual and DHCP addressing mode the MTU size
can be from 576 to 1500 bytes. For PPPoE addressing mode the MTU size can be
from 576 to 1492 bytes.
Configuring traffic logging for connections to an interface
To configure traffic logging for connections to an interface
1
Go to System > Network > Interface.
2
Choose an interface and select Modify
.
3
Select the Log check box to record log messages whenever a firewall policy accepts a
connection to this interface.
4
Select OK to save the changes.
Configuring the management interface in Transparent mode
Configure the management interface in Transparent mode to set the management IP
address of the FortiGate unit. Administrators connect to this IP address to administer
the FortiGate unit. The FortiGate also uses this IP address to connect to the FDN for
virus and attack updates (see
“Updating antivirus and attack definitions” on page 123
).
You can also configure the management interface to control how administrators
connect to the FortiGate unit for administration and the FortiGate interfaces to which
administrators can connect.
Controlling administrative access to a FortiGate interface connected to the Internet
allows remote administration of the FortiGate unit from any location on the Internet.
However, allowing remote administration from the Internet could compromise the
security of the FortiGate unit. You should avoid allowing administrative access for an
interface connected to the Internet unless this is required for your configuration. To
improve the security of a FortiGate unit that allows remote administration from the
Internet:
• Use secure administrative user passwords,
• Change these passwords regularly,