IC Knowledge Base

FortiGate SSL/TLS Handshake fails

In some circumstances, WiFi clients browsing to SSL/TLS server hosts will see "TLS timeout" or "TLS handshake error".

This can be caused by the WiFi interface on the FortiGate being set to the default MTU (1500). Once the WiFi encryption overhead is coupled with the IPsec overhead and the SSL/TLS data itself, the MTU will be exceeded.

Set the WiFi interface as follows:

config system interface
    edit "interface name"
        set mtu-override enable
        set mtu 9000
    next
end
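To confirm the MTU problem from a wireless client before and after the change, the following added example (not part of the original article) binary-searches the largest ICMP echo that crosses the path with Don't Fragment set. It assumes Linux iputils ping; the function names `probe` and `find_path_mtu` and the host argument are illustrative.

```shell
#!/bin/sh
# Added example (not from the original article): measure the largest IPv4
# packet that reaches a host unfragmented from a wireless client.
# Assumes Linux iputils ping; probe and find_path_mtu are illustrative names.

# probe SIZE HOST: succeed if one ICMP echo carrying SIZE payload bytes
# gets a reply with Don't Fragment set (-M do).
probe() {
    ping -c 1 -W 1 -M do -s "$1" "$2" >/dev/null 2>&1
}

# find_path_mtu HOST [PROBE_FN]: binary-search the payload size and print
# the resulting packet size (payload + 20-byte IPv4 + 8-byte ICMP header).
find_path_mtu() {
    pm_host=$1
    pm_probe=${2:-probe}
    pm_lo=0
    pm_hi=1472    # 1500 - 28: the largest payload a 1500-byte MTU can carry
    # If even an empty echo fails, the host is down or filters ICMP.
    if ! "$pm_probe" "$pm_lo" "$pm_host"; then
        echo "unreachable"
        return 1
    fi
    while [ "$pm_lo" -lt "$pm_hi" ]; do
        pm_mid=$(( (pm_lo + pm_hi + 1) / 2 ))
        if "$pm_probe" "$pm_mid" "$pm_host"; then
            pm_lo=$pm_mid
        else
            pm_hi=$(( pm_mid - 1 ))
        fi
    done
    echo $(( pm_lo + 28 ))
}

# Run as: sh pathmtu.sh <host>   (does nothing when no host is given)
if [ -n "${1:-}" ]; then
    find_path_mtu "$1"
fi
```

A result below 1500 means full-size packets, such as those carrying the server's certificate during the handshake, cannot cross the path unfragmented.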

 

 
