
Fortigate SSL/TLS Handshake fails

In some circumstances, WiFi clients browsing to SSL/TLS server hosts will see "TLS timeout" or "TLS handshake error".

 

This can be caused by leaving the WiFi interface on the FortiGate at the default MTU (1500). The WiFi encryption overhead, coupled with the IPsec overhead and the bytes SSL/TLS itself needs, means the MTU will be exceeded.

Set the WiFi interface as follows:

 

config system interface
    edit "interface name"
        set mtu-override enable
        set mtu 9000
    next
end
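
To confirm that MTU is what breaks the handshake, and to check the path again after the change, a WiFi client can probe it with don't-fragment pings. The script below is an added example, not part of the original note; it assumes a Linux client with iputils ping (`-M do`), and the function names and the PROBE override are illustrative.

```sh
#!/bin/sh
# Added example: find the largest IPv4 packet that reaches a host unfragmented.
# Assumption: Linux iputils ping, where "-M do" sets the don't-fragment bit.

# probe SIZE HOST: succeed if one DF echo with SIZE payload bytes is answered.
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# largest_payload HOST [LOW] [HIGH]: binary-search the largest payload that
# passes. Fails if even LOW gets no reply (host down or ICMP filtered).
# Set PROBE to another function name to replace the real ping.
largest_payload() (
    host=$1 lo=${2:-500} hi=${3:-1472}
    ${PROBE:-probe} "$lo" "$host" || exit 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if ${PROBE:-probe} "$mid" "$host"; then
            lo=$mid              # mid passed: answer is mid or larger
        else
            hi=$(( mid - 1 ))    # mid dropped: answer is below mid
        fi
    done
    echo "$lo"
)

# path_mtu HOST [LOW] [HIGH]: payload + 20 (IPv4 header) + 8 (ICMP header).
path_mtu() (
    payload=$(largest_payload "$@") || exit 1
    echo $(( payload + 28 ))
)

# When called with a host argument, report the result.
if [ $# -ge 1 ]; then
    if mtu=$(path_mtu "$1"); then
        echo "largest unfragmented IPv4 packet to $1: $mtu bytes"
        if [ "$mtu" -lt 1500 ]; then
            echo "path MTU is below 1500: full-size TLS handshake packets will not fit"
        fi
    else
        echo "no reply from $1 even at the smallest probe size" >&2
        exit 1
    fi
fi
```

A result below 1500 from a WiFi client, for a host that answers at full size from a wired client, is consistent with the overhead problem described above.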