HTTPS MTU issue



  • We are running a number of client VMs behind a pfSense VM. Each of them has an interface with a public IP address.
    We were having issues with HTTPS traffic until we set the MTU on each client VM to 1472.
    Traffic to HTTPS sites (for example: https://transact.webadvantage.com.au/post/authorise) would time out.

    The topology is:
    Client VMs <-> pfSense VM <-> Cisco switch <-> Cisco Gateway <-> internet

    All of the interfaces have an MTU of 1500 or higher.

    We've enabled "Clear invalid DF bits instead of dropping the packets", but this didn't resolve the issue.

    Clients on the same network that aren't connected to pfSense have no MTU issues.

    What could be causing these issues? Any help or suggestions would be appreciated.

    The version of pfSense is:
    2.0.1-RELEASE (amd64)
    built on Mon Dec 12 18:16:13 EST 2011
    FreeBSD 8.1-RELEASE-p6

    Thanks for your time.

