Reverse Traffic Shaping

I' m working on something very similar, were you able to get this figured out? My thought was that you would need another policy (WAN->Int) and apply another traffic shaper for the upload traffic.

Hi, have you set the correct interface bandwidth? AFAIU this is the physical bw of the NIC: conf sys int ed wan1 set inbandwidth <integer> in KB/s (0-2097000; 0 for unlimited) set outbandwidth <integer> in KB/s (0-2097000; 0 for unlimited) next end The algorithm needs these figures to correctly calculate the packet drop rate. source: Release Notes and KC (search for " outbandwidth" :( [link=]http://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD30162&sliceId=1&docTypeID=DT_KCARTICLE_1_1[/link]

Hi, I have set " inbandwidth" & " outbandwidth" on my Internet interface " wan1" as you recommended. No change in overall behavior at all. But then I played around with the options " set traffic-shaper" and " set traffic-shaper-reverse" I found out that you have to apply the 8M-max/1M-min rule to the " reserve traffic shaper" and the 768k-max/128k-min rule to the " traffic shaper" . This is odd since the documentation implies the reverse behavior. I did some tests with my " internal->wan1" firewall policy and it looks I have achieved what I wanted to do: a) limit download traffic (e.h. http client from internal loading a file from web server in the Internet) to 8 MBit/sec b) limit upload traffic (e.g. ftp client from internal storing a file to a ftp server in the Internet) to 768 kbps/sec Unfortunately I have to duplicate all firewall policies for the clients in my " internal" network. I will do some more testing letting multiple clients download / upload files in parallel through the the traffic shapers. But for the moment it looks like my problem has been solved. Regards, ... Peter

This is the expected behaviour. For explanations, see my today' s post in the Firewall forum titled " Traffic Shaping question" .

Hi guys! I' m having problems with bandwidth guarantees. Maximum bandwidth works, but guarantees not. =/ Note: Even I have nothing configured about " conf sys int" Maximum bandwidth works. But, first I think that is better if I try to understand some concepts. Some questions that I should be clear: 1 - In instance, if I have a firewall policy from LAN to WAN, Traffic Shapping option controls Upload from an internal PC to WAN and Reverse Direction Traffic Shapping controls Download from WAN to an internal PC. Is it right? 2 - I read the Technical Note, but some things was not clear for me. For example, if I want controlling (guarantee) my Download rate so must I configure outbandwitdth for my WAN? I think that I need configuring outbandwidth for LAN interface , right? Follows bellow my confs: Fortigate200B (traffic-shaper) # show config firewall shaper traffic-shaper edit " low-priority" set maximum-bandwidth 768 set per-policy enable set priority low next edit " WTS" set guaranteed-bandwidth 690 set maximum-bandwidth 768 set per-policy enable next edit " low-priority-up" set maximum-bandwidth 128 set per-policy enable set priority low next edit " WTS-up" set guaranteed-bandwidth 104 set maximum-bandwidth 128 set per-policy enable next end Fortigate200B (policy) # show config firewall policy edit 2 set srcintf " WAN" set dstintf " switch" set srcaddr " all" set dstaddr " DNS ipTrust" set action accept set schedule " always" set service " DNS" next edit 4 set srcintf " switch" set dstintf " WAN" set srcaddr " WTS" set dstaddr " Download Virtua" set action accept set schedule " always" set service " ANY" set traffic-shaper " WTS-up" set traffic-shaper-reverse " WTS" set nat enable next edit 3 set srcintf " switch" set dstintf " WAN" set srcaddr " all" set dstaddr " all" set action accept set schedule " always" set service " ANY" set traffic-shaper " low-priority-up" set traffic-shaper-reverse " low-priority" set nat enable next end Did I do Something wrong? Let me know if I was not so clear, but I' m already confused with this situation. I already read the Handbook , too. Thanks guys!!