Description
This article describes how to limit the bandwidth at interface level.
Solution
The traffic received on an interface can exceed the maximum bandwidth limit defined in the security policy.
Rather than waste processing power on packets that will be dropped later in the process, configure the FortiGate to preemptively drop excess packets when they are received at the source interface.
A similar command is available for the outgoing interface.
To configure an interface bandwidth limit from the GUI:
1) Go to Network -> Interfaces.
2) Edit port1.
3) In the Traffic Shaping section set the following options:
- Enable Inbound Bandwidth and enter 200. The default bandwidth unit is kbps.
- Enable Outbound Bandwidth and enter 400. The default bandwidth unit is kbps.
4) Select 'OK'.
To configure an interface bandwidth limit from the CLI:
# config system interface
edit "port1"
.....
set inbandwidth 200
set outbandwidth 400
.....
next
end
NP6 interfaces on FortiGate devices don’t fully support bandwidth limits. When you set the outbandwidth setting on an NP6 interface, the FortiGate implements a lower bandwidth limit than the one that you configure. The inbandwidth setting has no effect on an NP6 interface unless NP offloading is disabled for the traffic on that interface.
Set auto-asic-offload disable in a dedicated firewall policy for the inbandwidth setting to take effect.
# config firewall policy
edit <Policy-ID>
set auto-asic-offload disable
end
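The following check is an added example, not part of the original article or Fortinet tooling: it reads a configuration backup and lists firewall policies whose source interface has inbandwidth set while the policy leaves NP offloading enabled, the case in which the limit has no effect on an NP6 interface. The function names and sample configuration are constructed for illustration; it assumes the policy's srcintf key names the ingress interface and that an inbandwidth of 0 means no limit, and it cannot tell from the configuration whether an interface is actually NP6-backed.

```python
import shlex

# Constructed sample of a configuration backup (not taken from the article).
SAMPLE_CONFIG = """
config system interface
    edit "port1"
        set inbandwidth 200
        set outbandwidth 400
    next
end
config firewall policy
    edit 1
        set srcintf "port1"
        set auto-asic-offload disable
    next
    edit 2
        set srcintf "port1" "port2"
    next
end
"""

def parse_section(config, header):
    """Return {entry: {key: [values]}} for the top-level 'config <header>' block."""
    entries, current, depth = {}, None, 0
    for raw in config.splitlines():
        tok = shlex.split(raw)
        if not tok:
            continue
        if depth == 0:                      # outside the wanted section
            depth = 1 if tok == ["config"] + header.split() else 0
        elif tok[0] == "config":            # nested sub-table inside an entry
            depth += 1
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            current = entries.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and current is not None:
            current[tok[1]] = tok[2:]
    return entries

def policies_defeating_inbandwidth(config):
    """List (policy_id, interface) pairs where inbandwidth is set on the ingress
    interface but the policy does not set auto-asic-offload disable."""
    ifaces = parse_section(config, "system interface")
    # Assumption: inbandwidth 0 (or absent) means no inbound limit is configured.
    limited = {n for n, s in ifaces.items() if s.get("inbandwidth", ["0"]) != ["0"]}
    return [(pid, i) for pid, s in parse_section(config, "firewall policy").items()
            if s.get("auto-asic-offload") != ["disable"]
            for i in s.get("srcintf", []) if i in limited]
```

Each reported pair is a policy to review only if the named interface is an NP6 interface on that FortiGate model.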
Related Article:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/967483/configuring-interface-based-traff...