
How to ignore my ISP's DHCP MTU of only 576?

Hello Sophos Experts!


My issue is as follows... My ISP's DHCP server is setting my external interface's MTU to 576. While an MTU of 1500 should (and does) work, whenever I change the MTU in the WebAdmin UI, it gets reset to 576 by DHCP. Yes, getting the ISP to fix their equipment *IS* the larger, overall solution here, but I cannot rely upon them for such a fix...

How can I alter this behaviour? How can I get my Sophos Gateway to ignore the DHCP packet's MTU? How can I permanently, manually override that external interface's MTU?



This thread was automatically locked due to age.
  • While not the exact same question, I do have a related one to this, and I am a Home user who cannot call support, so unsupported hacks are fine with me.

    Since the latest update, I have noticed that my wireless clients cannot browse the internet and was wondering if this would be the cause. The only thing I've noticed is the new MTU setting, and this is affecting both my installation and my parents', who are also on the same version of Sophos.

    Our setup is similar:

    Comcast -> Sophos UTM 9 -> Switch -> Netgear NightHawk in AP Mode -> Wireless Clients

    The wired clients connected directly to the switch don't seem to have an issue browsing the internet, but the wireless ones do. We've also tried using different wireless access points (Open Mesh and Linksys, as well as another Netgear), but had the same results. From what I can tell, the MTU is the only difference, so logically I would guess that the wireless APs are not dropping their packet sizes down to match, whereas the wired devices are.

    Funny thing is, if I put my wireless router back into router mode, connect it to the WAN and take the Sophos out of the equation, everything works just fine.

    Is this something others have encountered? If so, I will try and edit the config file tonight and test it to see if this provides a fix. Maybe the next release will resolve the issue.

  • I can now confirm the config file resolved this issue. It's strange that it only affected some of my wireless clients (most notably phones and one laptop), but didn't affect a few others (2 desktops and 2 iPads).

    I made the change on both UTM devices and now wireless connections are working without fail. The phones that were affected were our Galaxy S7 devices. The iPhones seemed to not have a problem with it, which makes sense as the iPad didn't have a problem. The laptop confused me because it is the same Intel wireless AC card that is in the desktops, just without the external antennae.

    Either way, if someone sees a similar issue, and doesn't mind making the change to the config file, this seems to be working. It also fixed an IPv6 issue I was having and I am now consistently getting one from Comcast.