I was trialing a site-to-site IPSec VPN between an Azure two-NIC PFSense instance and my UDM (see image).
I found that when I was trying to reach www.postfix.org with a browser or ping, I couldn't. I thought it was something to do with having a PFSense / UDM s2s VPN.
I tried changing MTU for the UDM to a number of different values but in the end the above was the solution.
But eventually I found that the problem was having IPS turned on. So I've turned DPI and IPS off in the UDM (Settings => DPI, Settings => Threat Management) and I no longer lose connectivity to postfix.org via http/s & ping.
While Unifi offers enterprise features at just above commodity prices, you might have to spend time tracing gremlins to get things working.
James McDonald - 2022
Where to go to change MSS Clamping on a UDM
Devices => Select UDM => on Slide out panel select Gear Icon (Config) => Expand Advanced