FortiController-5103B and ESP fragmented SIP traffic

If your FortiController-5103B SLBC cluster is processing ESP fragmented SIP traffic, Fortinet recommends running FortiController-5000 5.2.10 build 0189 instead of upgrading to 5.2.11 build 0191.

FortiController-5000 5.2.10 build 0189 disables IP fragment broadcasting when the load balancing method is set to src-dst-ip (L3 load balancing).

config load-balance session-setup

set ipsec-session load-balance

set load-distribution-method src-dst-ip

end