Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
AnthonyH
Staff
Staff

Created on ‎10-16-2024 10:15 PM Edited on ‎10-16-2024 10:16 PM By Moderator

Article Id 349880

Technical Tip: FortiView Traffic Shaping 'No Results' for per-ip shaper

Description

This article describes when adding the FortiView Traffic Shaping dashboard widget why there is no result displayed.
Scope FortiGate.
Solution

Under Dashboard -> Status the following widget, FortiView Traffic Shaping by bytes has been added, however there are no results.

 

fortiview_no_results.png

 

Navigate to Policy & Objects -> Traffic Shaping -> Traffic Shapers. In this example, the per-ip shaper, 'test_shaper' was created.

 

per-ip-shaper.png

 

The per-ip shaper has been applied to the Traffic Shaping Policy:

 

traffic_shaping_policy_per-ip.png

 

In the Traffic Shapers, it is actively being used and applied to the LAN network, however, the FortiView Traffic Shaping dashboard widget still displays 'No results'.

 

traffic_shapers_stats.png

 

The FortiView Traffic Shaping widget by design only displays information for forward shapers (shared shapers). By changing the Traffic Shaping Policy to use a shared shaper, the widget now displays information about the shared shaper.

 

shared_shaper_policy.png

 high_priority.png

 

To find information about the per-ip shaper use the following commands in the CLI:

 

diagnose firewall shaper per-ip-shaper list

name test_shaper

maximum-bandwidth 1250 KB/sec

maximum-concurrent-session 0

maximum-concurrent-tcp-session 0

maximum-concurrent-udp-session 0

tos ff/ff

packets dropped 200487

bytes dropped 271172875

        addr=192.168.0.3 status: bps=7528576 ses=229 (tcp-ses=166 udp-ses=63)

 

diagnose sys session list | grep -A 15 <shapers_name>

diagnose sys session list | grep -A 15 test_shaper

per_ip_shaper=test_shaper

class_id=0 shaping_policy_id=1 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255

state=log may_dirty per_ip ndr f00 app_valid log-start

statistic(bytes/packets/allow_err): org=3858/18/1 reply=2160/19/1 tuples=3

tx speed(Bps/kbps): 58/0 rx speed(Bps/kbps): 32/0

orgin->sink: org pre->post, reply pre->post dev=4->11/11->4 gwy=10.9.15.254/0.0.0.0

hook=post dir=org act=snat 192.168.0.3:51920->34.160.236.64:443(10.9.10.119:51920)

hook=pre dir=reply act=dnat 34.160.236.64:443->10.9.10.119:51920(192.168.0.3:51920)

hook=post dir=reply act=noop 34.160.236.64:443->192.168.0.3:51920(0.0.0.0:0)

pos/(before,after) 0/(0,0), 0/(0,0)

src_mac=00:45:6e:64:71:02

misc=0 policy_id=1 pol_uuid_idx=15755 auth_info=0 chk_client_info=0 vd=0

serial=00165655 tos=ff/ff app_list=2000 app=40568 url_cat=0

rpdb_link_id=00000000 ngfwid=n/a

npu_state=0x001101 no_offload

no_ofld_reason:  disabled-by-policy redir-to-ips denied-by-nturbo
150
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.