Hi,
I have two SSG5 firewalls running the latest firmware. Each firewall is connected to the internet. Behind the firewalls are two private networks, A and B. I have an IPsec tunnel connecting A and B. Static routes direct traffic between the two private networks via the tunnel interfaces. I set the tunnel interface MTU on each firewall to 1400. The outer interfaces still have their default MTU of 1500.
From network A I can ping network B using "don't fragment" and a ping payload size of 1450.
Why was the ping not rejected at the tunnel interface for exceeding the MTU?
Thank you,
Chris