For When You Can't Have The Real Thing
[ start | index | login ]
start > FortiOS > 5.6 > Traffic Shaping Policy

Traffic Shaping Policy

Created by dave. Last edited by dave, 48 days ago. Viewed 99 times. #1
[edit] [rdf]
labels
attachments
(2019-07-08)

Problem

Traffic shaping wtf?

Solution

In 5.6, traffic shaping was removed from IPv4 Policy and moved to its own policy page.

In 5.6.3, Fortinet added the ability to apply schedules to Traffic Shaping Policies. However this functionality does not appear in the GUI, you have to use/view it through the CLI. (>>source)

If you are going to be marking DSCP values on things, you need to know that the Fortigates expect binary values instead of decimals like everything else in the world. See >>this translation table.

config firewall shaper traffic-shaper
     edit "guarantee-1000kbps"
         set guaranteed-bandwidth 1000
         set maximum-bandwidth 1048576
         set diffserv enable
         set diffservcode 010111
     next
end

Remember that DSCP values are almost guaranteed to be ignored, if not outright stripped, from your packets as they cross any internet equipment. DSCP values are for internal, and your-entertainment-purposes, only.

In my experience, just setting the priority values on traffic types (high, medium, low) without guarantee and max values don't do anything useful.

Maximum-Bandwidth policies will lead to dropped packets so your applications better be okay with that.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt