Skip to main content

Traffic Shaping Policy

(2019-07-08)

Problem

Traffic shaping wtf?

Solution

In 5.6, traffic shaping was removed from IPv4 Policy and moved to its own policy page.

In 5.6.3, Fortinet added the ability to apply schedules to Traffic Shaping Policies. However this functionality does not appear in the GUI, you have to use/view it through the CLI. ( [source](https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate- whats-new/FeatureCatalog-traffic-shaping.htm) )

If you are going to be marking DSCP values on things, you need to know that the Fortigates expect binary values instead of decimals like everything else in the world. See [this translation table](https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate- traffic-shaping-54/TS_Configuration/TS_ToS_DSCP.htm).

config firewall shaper traffic-shaper
     edit "guarantee-1000kbps"
         set guaranteed-bandwidth 1000
         set maximum-bandwidth 1048576
         set diffserv enable
         set diffservcode 010111
     next
end

Remember that DSCP values are almost guaranteed to be ignored, if not outright stripped, from your packets as they cross any internet equipment. DSCP values are for internal, and your-entertainment-purposes, only.

In my experience, just setting the priority values on traffic types (high, medium, low) without guarantee and max values don't do anything useful.

Maximum-Bandwidth policies will lead to dropped packets so your applications better be okay with that.