Traffic Shaping Policy
(2019-07-08)
Problem
Traffic shaping wtf?
Solution
In 5.6, traffic shaping was removed from IPv4 Policy and moved to its own policy page.
In 5.6.3, Fortinet added the ability to apply schedules to Traffic Shaping Policies. However this functionality does not appear in the GUI, you have to use/view it through the CLI. ( [source](https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate- whats-new/FeatureCatalog-traffic-shaping.htm) )
If you are going to be marking DSCP values on things, you need to know that the Fortigates expect binary values instead of decimals like everything else in the world. See [this translation table](https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate- traffic-shaping-54/TS_Configuration/TS_ToS_DSCP.htm).
config firewall shaper traffic-shaper
edit "guarantee-1000kbps"
set guaranteed-bandwidth 1000
set maximum-bandwidth 1048576
set diffserv enable
set diffservcode 010111
next
end
Remember that DSCP values are almost guaranteed to be ignored, if not outright stripped, from your packets as they cross any internet equipment. DSCP values are for internal, and your-entertainment-purposes, only.
In my experience, just setting the priority values on traffic types (high, medium, low) without guarantee and max values don't do anything useful.
Maximum-Bandwidth policies will lead to dropped packets so your applications better be okay with that.