
How to ignore my ISP's DHCP MTU of only 576?

Hello Sophos Experts!


My issue is as follows... My ISP's DHCP server is setting my external interface's MTU to 576. While an MTU of 1500 should (and does) work, whenever I change the MTU in the WebAdmin UI, it gets reset to 576 by DHCP. Yes, getting the ISP to fix their equipment *IS* the larger, overall solution here, but I cannot rely upon them for such a fix...

How can I alter this behaviour? How can I get my Sophos Gateway to ignore the DHCP packet's MTU? How can I permanently, manually override that external interface's MTU?



  • Search the forum for mtu 576 and you will find what you are looking for.

  • You must mean any number of posts and links referring to editing the /var/chroot-dhcpc/etc/defaults.conf file... Right?

    Let me rephrase my original question then....

    Since any CLI edits will void the support, is there any SUPPORTED solution to this issue yet?

  • Yes, that's the one. And no, not that I know of. I would not lose sleep over changing this option and continuing to get support, but that is just my opinion. The "proper" method would be to rebuild/restore using 404 and skip 405 for now. Or, if you have support you are worried about losing, why not use it and ask Sophos support? Seriously, not trying to be daft, just wondering.

  • Personally, I do not have support, I am just using the Home version. That being said, I also do some consulting work, and one of my customers has Sophos (which is how I got introduced to it in the first place). Due to the (somewhat comical/idiotic) nature of our contract, I cannot contact Sophos on their behalf. So any/all Sophos work involving me with them has to come from me alone. Normally, this isn't an issue as most (99%) issues they raise work out to be PEBKAC-type issues. But every now and again, something like this pops up, and I need to find a "Supported" solution without involving my customer.

  • While not the exact same question, I do have a related one to this, and I am a Home user who cannot call support, so unsupported hacks are fine with me.

    Since the latest update, I have noticed that my wireless clients cannot browse the internet and was wondering if this would be the cause. The only thing I've noticed is the new MTU setting, and this is affecting both my installation and my parents' who are also on the same version of Sophos.

    Our setup is similar:

    Comcast -> Sophos UTM 9 -> Switch -> Netgear NightHawk in AP Mode -> Wireless Clients

    The wired clients connected directly to the switch don't seem to have an issue browsing the internet, but the wireless ones do. We've also tried using different wireless access points (Open Mesh and Linksys, as well as another Netgear), but had the same results. From what I can tell, the MTU is the only difference so logically I would guess that the wireless APs are not dropping their packet sizes down to match, whereas the wired devices are.

    Funny thing is, if I put my wireless router back into router mode, connect it to the WAN and take the Sophos out of the equation, everything works just fine.

    Is this something others have encountered? If so, I will try and edit the config file tonight and test it to see if this provides a fix. Maybe the next release will resolve the issue.

  • I can now confirm the config file resolved this issue. It's strange that it only affected some of my wireless clients (most notably phones and one laptop), but didn't affect a few others (2 desktops and 2 iPads).

    I made the change on both UTM devices and now wireless connections are working without fail. The phones that were affected were our Galaxy S7 devices. The iPhones seemed to not have a problem with it, which makes sense as the iPad didn't have a problem. The laptop confused me because it is the same Intel wireless AC card that is in the desktops, just without the external antennae.

    Either way, if someone sees a similar issue, and doesn't mind making the change to the config file, this seems to be working. It also fixed an IPv6 issue I was having and I am now consistently getting one from Comcast.
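
Added example, not written by any poster in this thread and not Sophos code: the MTU a DHCP server pushes to a client travels in the Interface MTU option (code 26, RFC 2132) of its reply. The Python sketch below parses a constructed DHCPACK, extracts that value, and flags it when it is below the expected 1500 or below the 1280-byte minimum link MTU that IPv6 requires (RFC 8200); the function names and the sample packet are assumptions made for illustration.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"        # RFC 2131 magic cookie before the options
OPT_PAD, OPT_INTERFACE_MTU, OPT_END = 0, 26, 255   # RFC 2132 option codes
IPV6_MIN_LINK_MTU = 1280                # RFC 8200 minimum link MTU for IPv6

def parse_options(msg: bytes) -> dict:
    """Return {option code: raw value} from a BOOTP/DHCP message body."""
    if len(msg) < 240 or msg[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (short or missing magic cookie)")
    opts, i = {}, 240
    while i < len(msg) and msg[i] != OPT_END:
        code = msg[i]
        if code == OPT_PAD:             # single-byte padding, no length field
            i += 1
            continue
        if i + 1 >= len(msg):
            raise ValueError("truncated option header")
        length = msg[i + 1]
        value = msg[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} truncated")
        opts[code] = value
        i += 2 + length
    return opts

def advertised_mtu(msg: bytes):
    """MTU from the Interface MTU option, or None if the server did not send it."""
    raw = parse_options(msg).get(OPT_INTERFACE_MTU)
    if raw is None:
        return None
    if len(raw) != 2:
        raise ValueError("Interface MTU option must carry a 16-bit value")
    return struct.unpack("!H", raw)[0]

def assess(mtu, expected=1500):
    """List the problems an advertised MTU would cause on this interface."""
    findings = []
    if mtu is not None and mtu < expected:
        findings.append(f"DHCP pushes MTU {mtu}, below the expected {expected}")
    if mtu is not None and mtu < IPV6_MIN_LINK_MTU:
        findings.append(f"MTU {mtu} is under the IPv6 minimum of {IPV6_MIN_LINK_MTU}")
    return findings

# Constructed sample: minimal DHCPACK (236-byte fixed header, cookie, three options)
SAMPLE_ACK = (bytes([2, 1, 6, 0]) + bytes(232) + DHCP_MAGIC
              + bytes([53, 1, 5, 26, 2, 0x02, 0x40, 255]))

if __name__ == "__main__":
    print(advertised_mtu(SAMPLE_ACK), assess(advertised_mtu(SAMPLE_ACK)))
```

To run it against real traffic, pass in the UDP payload of a captured DHCP reply (server port 67 to client port 68) in place of `SAMPLE_ACK`.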

  • Sachin Gurung
    Team Lead | Sophos Technical Support