Configure the MTU

Customize the MTU on the interface, for example, to allow jumbo frames.

For ASA models, the ISA 3000 and the threat defense virtual: Changing the MTU above 1500 bytes automatically enables jumbo-frame reservation. You must restart the system before you can use jumbo frames. After you restart, you cannot disable jumbo-frame reservation. If you use an interface in an inline set, the MTU setting is not used. However, the jumbo-frame reservation setting is relevant to inline sets; jumbo frames enable the inline interfaces to receive packets up to 9000 bytes. To enable jumbo-frame reservation, you must set the MTU of any interface above 1500 bytes.

Jumbo frames are enabled by default on other platforms.

Caution

Changing the highest MTU value on the device for a data interface restarts the Snort process when you deploy configuration changes, temporarily interrupting traffic inspection. Inspection is interrupted on all data interfaces, not just the interface you modified. Whether this interruption drops traffic or passes it without further inspection depends on the model of the managed device and the interface type. This caution does not apply to the Diagnostic interface or management-only interfaces. See Snort Restart Traffic Behavior for more information.

Procedure


Step 1

Select Devices > Device Management and click Edit (edit icon) for your threat defense device. The Interfaces page is selected by default.

Step 2

Click Edit (edit icon) for the interface you want to edit.

Step 3

On the General tab, set the MTU. The minimum and maximum depends on your platform.

The default is 1500 bytes.

Note

If you use VLAN tagging, the maximum value for the Firepower 9300 chassis is reduced by 4 bytes: 8996. Even if you can set the MTU to a value of 8997-9000, the actual payload size will be 8996.

Step 4

Click OK.

Step 5

Click Save.

You can now go to Deploy > Deployment and deploy the policy to assigned devices. The changes are not active until you deploy them.

Step 6

For ASA models, the ISA 3000 and the threat defense virtual, if you set the MTU above 1500 bytes, restart the system to enable jumbo-frame reservation. See Shut Down or Restart the Device.