FortiGate
caunon, Staff
Article Id 378861
Description

This article describes how to handle a situation where, after 'set inbandwidth xx' and 'set outbandwidth xx' are configured together with interface-based traffic shaping (set egress-shaping-profile xxx) on a FortiGate interface on the NP7 platform, FortiGate blocks traffic whose packet size is larger than 6000 bytes.

Scope

FortiGate v7.2.x.

Solution
  1. On the FortiGate, configure 'set inbandwidth xx' and 'set outbandwidth xx' together with the interface-based traffic shaping setting (set egress-shaping-profile xxx) on an interface of the NP7 platform, using the CLI commands shown below.

config system interface
    edit <interface name>
        set inbandwidth 1950000
        set outbandwidth 1950000
        set egress-shaping-profile "testTrafficShapingProfile"
    next
end

config firewall shaping-profile
    edit "testTrafficShapingProfile"
        set default-class-id 2
        config shaping-entries
            edit 1
                set class-id 2
                set priority top
                set guaranteed-bandwidth-percentage 1
                set maximum-bandwidth-percentage 100
            next
        end
    next
end

  2. Pass traffic through that interface with a range of packet sizes, increasing the size until it exceeds 6000 bytes. With the above settings, FortiGate blocks the packets larger than 6000 bytes on that interface.

To fix:

  1. Workaround (temporary fix): unset the egress-shaping-profile under the interface with the following CLI commands:

config system interface
    edit <interface name>
        unset egress-shaping-profile
    next
end

  2. Permanent fix: upgrade the FortiGate firmware to v7.2.11, v7.4.8, v7.6.1 or later.
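As an added example that is not part of this article or of any Fortinet tool, the following Python script scans an exported 'config system interface' dump for interfaces that combine inbandwidth/outbandwidth with an egress-shaping-profile, and reports them only when the running firmware is below the fixed builds listed above. The sample configuration is constructed for the example, the version table is taken from the fix list, and whether the unit is an NP7 platform must be checked separately.

```python
# Builds that carry the fix, taken from the article: v7.2.11, v7.4.8, v7.6.1 and above.
FIXED_BUILDS = {(7, 2): 11, (7, 4): 8, (7, 6): 1}

# Constructed sample of a 'config system interface' dump (not taken from a real device).
SAMPLE_CONFIG = """\
config system interface
    edit "port1"
        set inbandwidth 1950000
        set outbandwidth 1950000
        set egress-shaping-profile "testTrafficShapingProfile"
    next
    edit "port2"
        config secondaryip
            edit 1
                set ip 192.0.2.1 255.255.255.0
            next
        end
        set egress-shaping-profile "testTrafficShapingProfile"
    next
end
"""

def firmware_has_fix(version):
    """True at or above the fixed build of its branch, False below it, None if unlisted."""
    major, minor, patch = map(int, version.strip().lstrip("v").split("."))  # ValueError if malformed
    fixed = FIXED_BUILDS.get((major, minor))
    return None if fixed is None else patch >= fixed

def parse_interfaces(config_text):
    """{interface: {setting: value}} from top-level 'edit' blocks; nested sections are skipped."""
    interfaces, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        depth += line.startswith("config ") - (line == "end")  # nesting level of this line
        if depth != 1:
            continue  # inside e.g. 'config secondaryip', which has its own 'edit' entries
        if line.startswith("edit "):
            current = line[5:].strip().strip('"')
            interfaces[current] = {}
        elif current and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            interfaces[current][key] = value.strip().strip('"')
    return interfaces

def affected_interfaces(config_text, version):
    """Interfaces mixing inbandwidth/outbandwidth with an egress-shaping-profile on an unfixed build."""
    if firmware_has_fix(version):  # None (unlisted branch) is reported, not assumed safe
        return []
    return sorted(name for name, s in parse_interfaces(config_text).items()
                  if "egress-shaping-profile" in s and ("inbandwidth" in s or "outbandwidth" in s))
```

Run it against the output of 'show system interface' and the version from 'get system status'; any interface it lists needs the workaround or the upgrade above.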