Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mattchow_FTNT
Staff
Staff

Created on ‎05-19-2022 01:40 AM Edited on ‎05-19-2022 11:37 PM By Community Manager

Article Id 212551

Technical Tip: How to configure traffic shaper on Virtual IPs

Description

The article describes how to configure traffic shaper on Virtual IPs.

After configuring the Virtual IP, try to include it into 'Traffic Shaping Policy' as shown below, but there is no Virtual IP can be found in the list 'Destination'.

 

mattchow_FTNT_1-1652946189952.png

 

 
Scope FortiGate.
Solution

The traffic shaper of Virtual IP can be configured using normal 'IPv4 Policy' as shown in the CLI commands example below.

 

1) Create the shared traffic shapers:


# config firewall shaper traffic-shaper
    edit "10Mbps"
    set guaranteed-bandwidth 10000
    set maximum-bandwidth 20000
    next
end

 

2) Create a firewall policy:


# config firewall policy
    edit 1
    set name "Internet Access"
    set srcintf "port10"
    set dstintf "port9"
    set srcaddr "all"
    set dstaddr "virtual ip"
    set action accept
    set schedule "always"
    set service "ALL"
    set traffic-shaper "10Mbps"
    set traffic-shaper-reverse "10Mbps"
    set nat disable
end

 

 

After configuring the traffic shaper via CLI, the 'Traffic Shaping' option will be prompted in the GUI as below:

mattchow_FTNT_2-1652946622333.png

 
1095
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.