Sophos UTM: How to fix the “MTU 576” issue

During upgrade to UTM 9.405, Sophos fixed som MTU issues for Amazon, this was about getting the MTU values from the ISP DHCP server, problem is that some ISP’s use a value of 576, which is wrong, as it should be 1500 in most cases.

Until the release of todays 9.407-3,they introduced the fix “NUTM-4992”, which introduces a new confd parameter:

The┬á“mtu_auto_discovery” flag.
1 = Take interface MTU from DHCP and overwrite value in confd (default)
0 = Do not take interface MTU from DHCP (Allows manual setting in Webadmin)

So how to fix this (Only if you have the issue, static wan links does not and many DHCP WAN links does’nt either ­čÖé )

Login as loginuser then root in ssh shell:

cc
RAW
lock_override
OBJS
interface
ethernet (or cable, or other type)
REF_ (Tap TAB two times – then you can see the interface list. Mine is called “REF_IntCabExternaWan[WAN,interface,ethernet]”
(You will get a look like this:)

‘additional_addresses’ => [],
‘bandwidth’ => 0,
‘comment’ => ‘Added by installation wizard’,
‘inbandwidth’ => 100000000,
‘itfhw’ => ‘REF_ItfEthEth1’,
‘link’ => 1,
‘mtu’ => 576,
‘mtu_auto_discovery’ => 1,
‘name’ => ‘WAN’,
‘outbandwidth’ => 20000000,
‘primary_address’ => ‘REF_ItfPri000024’,
‘proxyarp’ => 0,
‘proxyndp’ => 0,
‘status’ => 1
}

Then write:

mtu_auto_discovery=0
w  (write the changes)

Now go into Webadmin and find the WAN link, change the MTU under Advanced to 1500 and voila! ­čÖé

2 Comments

  1. erizkayolandaputri

    I’m pretty sure I chose the right interface. I tried it but I couldn’t.
    Is there an idea why changing MTU has no effect?

    Reply
    1. Martin (Post author)

      If changing the MTU has no effect in WebAdmin and it’s still on 576, then you have not set mtu autodiscovery flag to zero on the correct interface. Remember first set the flag, save it, then go to Webadmin and set the correct value afterwards ­čśë

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close