03-12-2025 09:25 PM
We are currently planning a Cisco FlexConnect wireless AP setup with Palo Alto SD-WAN. As per various reference guides, we observed that when Windows performs certificate-based authentication, it sends large packets with an MTU of 1482 or more. However, the Palo Alto SD-WAN tunnel size is set to 1432.
This raises a concern: when EAP packets are sent from the AP (Branch) to the WLC (HQ) over the SD-WAN, and they traverse the Palo Alto firewall, the packets may get fragmented. To avoid this, we need to explore optimization options on either the firewall or the SD-WAN side to ensure the EAP packets reach the WLC without fragmentation.
Key Questions:
What optimizations can be implemented on the firewall or SD-WAN to prevent EAP packet fragmentation?
Are there any firewall rule changes required to accommodate this?
For additional context, please refer to the attached image.