Merge pull request #304547 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit eb2fbb9227a8 · 2025-08-22T05:39:04.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/virtual-network/virtual-network-encryption-faq.yml b/articles/virtual-network/virtual-network-encryption-faq.yml
@@ -21,9 +21,9 @@ sections:
         answer: |
           Encryption verification is limited to the status of the network interface resource, vnetEncryptionSupported, and Accelerated networking during public preview. After public preview, virtual network flow logs can be used to see the encrypted and unencrypted flows between virtual machines.
       
-      - question: Is there data not encrypted?
+      - question: Why are packets dropped in encrypted virtual networks, and how can I prevent it?
         answer: |
-          Fragmented packets aren't offloaded to hardware and don't get encrypted. Use an MTU of 1500 in the network configuration of your virtual machines.
+          Fragmented packets are not offloaded to hardware and are therefore dropped. To avoid this, configure your virtual machines with a network MTU of 1400. For encrypted virtual networks, ensure the "Don't Fragment" (DF) flag is set. Packets exceeding the 1400 MTU limit will be dropped rather than fragmented.
 
       - question: What certificate is used for the DTLS establishment on the Azure Host? 
         answer: |
