- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate as a bandwidth controller
- Labels:
-
Next Generation Firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There are some criteria that you must consider for the Appliance Fortigate (Box)
- FortiASIC
- Physical ports
For the VM look here: https://www.fortinet.com/br/products/virtualized-next-generation-firewall/faqs.html
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NP4 traffic shaping offloading
Accelerated Traffic shaping is supported by NP4 processors with the following limitations.
-
NP4 processors support policy-based traffic shaping. However, fast path traffic and traffic handled by the FortiGate CPU (slow path) are controlled separately, which means the policy setting on fast path does not consider the traffic on the slow path.
-
The port based traffic policing as defined by the inbandwidth and outbandwidth CLI commands is not supported.
-
DSCP configurations are supported.
-
Per-IP traffic shaping is supported.
-
QoS in general is not supported.
NP4Lite processors do not support traffic shaping for offloaded sessions.
You can also use the traffic shaping features of the FortiGate unit's main processing resources by disabling NP4 offloding. See Disabling NP offloading for firewall policies.
https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-hardware-acceleration/NP4.htm
=======...
NP6 processors and traffic shaping
NP6-offloaded traffic supports traffic shaping just like any other traffic with one exception: configuring in bandwidth traffic shaping has no effect on NP6 accelerated traffic. In bandwidth traffic shaping sets the bandwidth limit for incoming traffic for an interface.
Out bandwidth traffic shaping is supported. Out bandwidth traffic shaping sets the bandwidth limit for outgoing traffic for an interface. You can use the following command to configure out bandwidth traffic shaping:
config system interface
edit port1
set outbandwidth 2000
end
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-hardware-acceleration-52/NP6.htm
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I want to control the bandwidth of approximately two thousand users, understanding as a user a terminal equipment (CPE), which is not necessarily in a LAN, but in a routed segment and / or in a different geographical area. Each CPE could have an IP (/ 30) or more (/ 29, / 28, etc.), the traffic is approximately 1Gbps in the outgoing interface.
How could I know if a VM or a Chassis is better for me?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If your proposed design is based on interface-based shaping, go with a VM because the shaping will be CPU-based and an NP-accelerated box has no direct added value
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My design is based on traffic shaping policy, create an Address, create Traffic Shapers, where I set different types of shared type speeds, since I want to limit each user (cpe) up and down speed. Then for each user create a traffic shaping policy.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
