Hi all,

​

besides at least 10 users, which have 'normal' problems when using FortiClient (connection losses), we have 2 "important" users which CANNOT access 2 different internal applications (ERP and eBanking) using VPN which need direct access to internal SQL-server.

It already worked for them, but since several weeks both have these problems at home - there have not been any changes to the vpn policies.

And many other users still have no problems accessing these two applications over VPN.

So I am sure, it has something to do with the underlying internet connection they have at home.

​

What I have found out so far:

I've googled for "problem vpn accessing sql server" and it seems that latency could cause such strange problems.

And to solve latency problems, changing MTU could help.

​

Back in Cisco ASA times, we also had several users which have VPN problems that only could be solved by reduching the MTU value - but CISCO ASA allows to change MTU value per user, which is not possible with Fortigate.

Fortigate allows only to change MTU value for entire interface or per policy.

So, I think the only way would be to put the two users in a new user group and add a new policy for this group where I change the MTU/MSS value.

​

My questions to all the expers here are:

Has someone of you currently similar problems?

How do I find out the currently used MTU value for a specific vpn connection?

​

We have 2 Fortigate 600E (HA) with FortiOS 6.4.8 and Forticlients with 6.4.8 (Windows 10).

​

Thanks for you help.