Sophos UTM: How to fix the “MTU 576” issue

During upgrade to UTM 9.405, Sophos fixed som MTU issues for Amazon, this was about getting the MTU values from the ISP DHCP server, problem is that some ISP’s use a value of 576, which is wrong, as it should be 1500 in most cases.

Until the release of todays 9.407-3,they introduced the fix “NUTM-4992”, which introduces a new confd parameter:

The “mtu_auto_discovery” flag.
1 = Take interface MTU from DHCP and overwrite value in confd (default)
0 = Do not take interface MTU from DHCP (Allows manual setting in Webadmin)

So how to fix this (Only if you have the issue, static wan links does not and many DHCP WAN links does’nt either 🙂 )

Login as loginuser then root in ssh shell:

cc
RAW
lock_override
OBJS
interface
ethernet (or cable, or other type)
REF_ (Tap TAB two times – then you can see the interface list. Mine is called “REF_IntCabExternaWan[WAN,interface,ethernet]”
(You will get a look like this:)

‘additional_addresses’ => [],
‘bandwidth’ => 0,
‘comment’ => ‘Added by installation wizard’,
‘inbandwidth’ => 100000000,
‘itfhw’ => ‘REF_ItfEthEth1’,
‘link’ => 1,
‘mtu’ => 576,
‘mtu_auto_discovery’ => 1,
‘name’ => ‘WAN’,
‘outbandwidth’ => 20000000,
‘primary_address’ => ‘REF_ItfPri000024’,
‘proxyarp’ => 0,
‘proxyndp’ => 0,
‘status’ => 1
}

Then write:

mtu_auto_discovery=0
w  (write the changes)

Now go into Webadmin and find the WAN link, change the MTU under Advanced to 1500 and voila! 🙂