eric
New Member
June 23, 2015
Solved

QoS configuration (advanced)


Hello,

I currently use a QoS configuration on a Cisco device and I wish to move this function to a Fortigate firewall (Fortigate 200B v5.2.0).

On the Cisco device, QoS is defined as follows:
- service classes are defined: GOLD (traffic to prioritize) / OTHER (traffic to "unprioritize") / SILVER (all other traffic) / (policy-map)
- the network traffic is selected by ACL (access-list)
- each ACL is associated with a service class (class-map)
- dedicated ACLs are applied on interfaces

On the Fortigate firewall, I would like to know how to define the same QoS policy with the following requirements:
- for simple management, I would not like to manage several QoS profiles on the rules.
- Is it possible to configure a global QoS policy in a place other than the rule filter configuration?
- on each rule, I would like to manage only a global QoS policy.
- this feature does not seem to be described in the documentation; is it possible to do that? Maybe in CLI configuration mode with dedicated commands?

Thank you for your advice and your help.

Regards,
Eric

    Best answer by ewaizel

    To check the active priorities in ver 5.2 you can use:

    diagnose sys traffic-priority list

    Here is the output produced by this (after adjusting all to low with some specific cases for medium or high).

    Traffic priority type is set to DSCP (DiffServ).
    00:low    01:low    02:low    03:low    04:low    05:low    06:low    07:low
    08:low    09:low    10:low    11:low    12:low    13:low    14:low    15:low
    16:low    17:low    18:low    19:low    20:low    21:low    22:low    23:low
    24:low    25:low    26:low    27:low    28:low    29:low    30:low    31:low
    32:low    33:low    34:medium 35:low    36:low    37:low    38:low    39:low
    40:high   41:low    42:low    43:low    44:low    45:low    46:high   47:low
    48:low    49:low    50:low    51:low    52:low    53:low    54:low    55:low
    56:high   57:low    58:low    59:low    60:low    61:low    62:low    63:low

    Note: in version 5.0 the equivalent command is the following. By default queue 1 (medium priority) is used.

    diagnose sys tos-based-priority list
    1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1
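Added example, not part of the original thread or of Fortinet's tooling: a Python parser for the 5.2 `diagnose sys traffic-priority list` output quoted above that names the DSCP code points sitting above the default priority and reports drift from an intended global mapping. It assumes the output format is exactly as pasted in the answer; the function names and the `expected` policy are hypothetical.

```python
import re

# Constructed sample: the 5.2 output as quoted in the answer above.
SAMPLE = """\
Traffic priority type is set to DSCP (DiffServ).
00:low    01:low    02:low    03:low    04:low    05:low    06:low    07:low
08:low    09:low    10:low    11:low    12:low    13:low    14:low    15:low
16:low    17:low    18:low    19:low    20:low    21:low    22:low    23:low
24:low    25:low    26:low    27:low    28:low    29:low    30:low    31:low
32:low    33:low    34:medium 35:low    36:low    37:low    38:low    39:low
40:high   41:low    42:low    43:low    44:low    45:low    46:high   47:low
48:low    49:low    50:low    51:low    52:low    53:low    54:low    55:low
56:high   57:low    58:low    59:low    60:low    61:low    62:low    63:low
"""

ENTRY = re.compile(r"\b(\d{2}):(low|medium|high)\b")

def parse_priority_table(text):
    """Return {dscp_value: priority}; reject output that lacks all 64 code points."""
    table = {int(v): p for v, p in ENTRY.findall(text)}
    if set(table) != set(range(64)):
        raise ValueError("expected DSCP entries 00-63, got %d" % len(table))
    return table

def dscp_name(value):
    """Standard code point name (EF, CSn, AFxy) or the bare number if unnamed."""
    if value == 46:
        return "EF"
    if value % 8 == 0:
        return "CS%d" % (value // 8)
    cls, drop = value // 8, (value % 8) // 2
    if value % 2 == 0 and 1 <= cls <= 4 and 1 <= drop <= 3:
        return "AF%d%d" % (cls, drop)
    return str(value)

def non_default(text, default="low"):
    """Code points whose global priority differs from the default queue."""
    table = parse_priority_table(text)
    return {dscp_name(v): p for v, p in sorted(table.items()) if p != default}

def audit(text, expected, default="low"):
    """(dscp, name, actual, wanted) for each entry that differs from the policy."""
    table = parse_priority_table(text)
    return [(v, dscp_name(v), p, expected.get(v, default))
            for v, p in sorted(table.items()) if p != expected.get(v, default)]

if __name__ == "__main__":
    print(non_default(SAMPLE))
    print(audit(SAMPLE, {34: "medium", 40: "high", 46: "high"}))  # hypothetical policy
```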


    ewaizel
    New Member
    December 3, 2015

    Eric

    Did you find a solution to your request? I'm having a similar requirement.

    emnoc
    New Member
    December 3, 2015

    I would like to know how to define the same QoS policy with the following requirements: - for simple management, I would not like to manage several QoS profiles on the rules. - Is it possible to configure a global QoS policy in a place other than the rule filter configuration? - on each rule, I would like to manage only a global QoS policy. - this feature does not seem to be described in the documentation; is it possible to do that? Maybe in CLI configuration mode with dedicated commands?

    I know of no way to manage QoS in a global context. You need to apply the QoS per rule and order the fw-policy to ensure the classification takes place.

    Qs:

      1: do you need ONLY classification?
      2: do you need shaping-policy?
      3: can you do #1 at your hand-off if a switch is in place?

    Since the firewall is a firewall, you will have to apply something to a policy regardless. So I don't know of anything outside of Cisco ASA & Juniper SRX that has a global or interface QoS in a scheduler (shaper) or classifier.

    Maybe you should ask your FTNT-sales teams for a feature request.

    ewaizel
    New Member
    December 3, 2015

    I just published another post related to what I can read in between lines.

     

    From the Fortinet documentation I can read:

    "If Traffic Shaping is not enabled in the security policy, the FortiGate unit neither limits nor guarantees bandwidth, and traffic for that session uses the priority queue determined directly by matching the ToS bit in its header with your configured values".

    If this is the case, I understand we can define different global values for ToS or DSCP and an associated priority for each and as a consequence affect globally which queue is used. Why is this not considered an option?