Technical Tip: Interface-based traffic shaping with NP acceleration
Description
This article provides the solution to Interface-based traffic shaping with NP acceleration.
Scope
The examples that follow is given for versions 6.4.0 and 6.4.2.
Solution
Interface-based traffic shaping with NP acceleration is supported on some units.
An administrator configures the WAN interface's maximum outbound bandwidth and, based on that, creates a traffic shaping profile with a percentage based shaper.
This allows for proper QS and traffic shaping.
VLAN interfaces are not supported.
This feature is supported on FortiGate 600E, 500E, and 300E models.
To configure interface-based traffic shaping.
1) Enable NPU offloading when doing interface-based traffic shaping according to the egress-shaping-profile:
3) Configure a traffic shaper and shaping policy.
# config system interface
edit "port2"
set vdom "root"
set ip 10.1.100.23 255.255.255.0
set allowaccess ping
set type physical
set outbandwidth 500
set egress-shaping-profile "sdwan"
set snmp-index 4
next
end
5) Configure a firewall policy.
This article provides the solution to Interface-based traffic shaping with NP acceleration.
Scope
The examples that follow is given for versions 6.4.0 and 6.4.2.
Solution
Interface-based traffic shaping with NP acceleration is supported on some units.
An administrator configures the WAN interface's maximum outbound bandwidth and, based on that, creates a traffic shaping profile with a percentage based shaper.
This allows for proper QS and traffic shaping.
VLAN interfaces are not supported.
This feature is supported on FortiGate 600E, 500E, and 300E models.
To configure interface-based traffic shaping.
1) Enable NPU offloading when doing interface-based traffic shaping according to the egress-shaping-profile:
# config system npu2) Configure shaping profiles.
set intf-shaping-offload enable
end
# config firewall shaping-profileThe class number is limited to 16.
edit "sdwan"
set default-class-id 4
# config shaping-entries
edit 1
set class-id 4
set guaranteed-bandwidth-percentage 3
set maximum-bandwidth-percentage 5
next
edit 2
set class-id 3
set priority medium
set guaranteed-bandwidth-percentage 50
set maximum-bandwidth-percentage 100
next
edit 3
set class-id 2
set priority low
set guaranteed-bandwidth-percentage 1
set maximum-bandwidth-percentage 5
next
end
next
end
3) Configure a traffic shaper and shaping policy.
# config firewall shaper traffic-shaper
edit "Transactional"
set priority medium
next
end
# config firewall shaping-policy4) Apply the egress shaping profile on the interface.
edit 1
set service "ALL"
set dstintf "any"
set traffic-shaper "Transactional"
set class-id 3
set srcaddr "all"
set dstaddr "all"
next
end
# config system interface
edit "port2"
set vdom "root"
set ip 10.1.100.23 255.255.255.0
set allowaccess ping
set type physical
set outbandwidth 500
set egress-shaping-profile "sdwan"
set snmp-index 4
next
end
5) Configure a firewall policy.
# config firewall policy
edit 3
set srcintf "port2"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set nat enable
next
end