ChrisJForti
New Member
May 29, 2018
Question

Traffic shaping recommendation v5.6


Good morning

We currently have FortiGates rolled out at each of our sites and are looking to tighten up our traffic shaping policies as we are having instances whereby it currently bursts the bandwidth, albeit infrequently.

Is the recommendation from Fortinet to use Shared > Per Policy shapers?

I feel that Shared > All policies using this shaper would be a better fit for our environment but I have been advised that this is not the recommended way from Fortinet and they are trying to move people to Per Policy since the later firmware was released.

Any help/advice appreciated.


    Nicholas_Doropoulos
    New Member
    May 29, 2018

    Hello!

    The Shared > All policies option applies the shaping rules to all policies using the same shaper. For example, the shaper is set to be per policy with a maximum bandwidth of 1000 Kb/s. There are four security policies monitoring traffic through the FortiGate unit. All four have the shaper enabled. Each security policy must share the defined 1000 Kb/s, and is set on a first come, first served basis. For example, if policy 1 uses 800 Kb/s, the remaining three must share 200 Kb/s. As policy 1 uses less bandwidth, it is opened up to the other policies to use as required. Once used, any other policies will encounter latency until free bandwidth opens from a policy currently in use.

    On the other hand, the Shared > Per Policy shaper enables all policies using the configured shaper to have 200Kb/s EACH. This shaper is probably more reliable as all policies will share the same bandwidth and not encounter any latency as a result.

    However, it's not really recommended to do either anymore since the above options work with security policies whereas Fortinet now recommends that you use traffic shaping policies instead. Given that you use 5.6, have a look at the video below to see how to go about it:

    https://www.youtube.com/watch?v=IZ_ocOJZqbk

    I hope that helps.

    Toshi_Esumi
    SuperUser
    May 29, 2018

    My understanding is "per policy" vs. "all policies" didn't change from 5.2 or before to 5.4 or after. They work as nick22d explained above and both are still needed depending on what kind of shapers you need. It's a config item in traffic shapers.

    The way to apply the shapers has changed (added) since 5.4. Fortinet TAC recommended us to use shaping-policy instead of security/firewall policies when we were testing our QoS with 5.4.

    ChrisJForti
    New Member
    May 31, 2018

    Thanks for the feedback.

    I think I am getting confused with this as I believe we are using it the recommended way for v5.6 as we have Traffic Shapers and Traffic Shaping Policies using the Traffic Shapers.

    Can we still not then use either Per Policy or All Policies Using This Shaper as they would both use Traffic Shaping Policies?

    I also see your reasoning for Per Policy; however, I am working on the assumption we would then have bandwidth potentially not being used.

    Simplistically I was thinking of doing the following on a 20MB connection, keeping in mind our remote offices connect via RDP and we want to prioritize VOIP and RDP sessions above everything else. Most other traffic is non-work-related, which we are not overly concerned about.

     

    Traffic Shapers

     

    Voice 

    Priority = High

    Guaranteed Bandwidth = 3,072 Kbps

     

    RDP

    Priority = High

    Guaranteed Bandwidth = 2,048 Kbps

     

    The_Rest

    Priority = Medium

    Max Bandwidth = 15,360 Kbps

     

    Traffic Shaping Policy's

     

    VOIP

    Anything on voice VLAN use Voice shaper for shared and reverse

     

    RDP

    Anything using RDP Application use RDP shaper for shared and reverse

     

    The_Rest

    Anything other than the above use The_Rest shaper for shared and reverse

     

    Or would you still recommend having the 15MB broken up with various max bandwidths?

    We have been told we should also over-provision it, so allow the 3 shapers we currently have other than RDP and VOIP to have 20MB in total, working on the assumption it will only max out in scenarios when everything is being maxed out. This theory doesn't sit well with me.
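
Added example, not part of the thread and not Fortinet code: a simplified Python model of the shaper plan proposed in the post above, comparing The_Rest capped at 15,360 Kbps with an over-provisioned cap equal to the full link. It assumes guaranteed bandwidth is served first and spare capacity is then handed out in priority order up to each shaper's maximum; the function names, the 20,480 Kbps link figure and the demand values are constructed for illustration.

```python
# Simplified model (an assumption, not FortiOS's actual scheduler): guaranteed
# bandwidth is served first, then spare capacity goes to shapers in priority
# order, each capped by its maximum bandwidth. All values are in Kbps.
PRIORITY_ORDER = ("high", "medium", "low")
LINK_KBPS = 20 * 1024  # the post's 20MB connection, taken here as 20,480 Kbps

def plan(rest_max):
    """Shapers from the post; rest_max is the Max Bandwidth of The_Rest."""
    return {
        "Voice": {"priority": "high", "guaranteed": 3072, "maximum": None},
        "RDP": {"priority": "high", "guaranteed": 2048, "maximum": None},
        "The_Rest": {"priority": "medium", "guaranteed": 0, "maximum": rest_max},
    }

def allocate(link, shapers, demand):
    """Return {shaper: Kbps granted} for one moment of offered load."""
    def ceiling(name):
        cap = shapers[name]["maximum"]
        return demand[name] if cap is None else min(demand[name], cap)

    # Pass 1: every shaper receives its demand up to its guarantee.
    grant = {n: min(ceiling(n), s["guaranteed"]) for n, s in shapers.items()}
    spare = link - sum(grant.values())
    if spare < 0:
        raise ValueError("guaranteed traffic exceeds link capacity")
    # Pass 2: hand out spare capacity level by level, split evenly in a level.
    for level in PRIORITY_ORDER:
        hungry = [n for n, s in shapers.items()
                  if s["priority"] == level and grant[n] < ceiling(n)]
        while hungry and spare > 0:
            share = max(1, spare // len(hungry))
            for n in hungry:
                extra = min(share, ceiling(n) - grant[n], spare)
                grant[n] += extra
                spare -= extra
            hungry = [n for n in hungry if grant[n] < ceiling(n)]
    return grant

def unused(link, grant):
    """Link capacity left idle after allocation."""
    return link - sum(grant.values())
```

In this model, quiet voice and RDP traffic leaves part of the link idle when The_Rest is capped at 15,360 Kbps, while raising its cap to the full link does not reduce what Voice and RDP receive up to their guarantees.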