FortiGate
MichaelTorres
Article Id 414731
Description

This article describes behavior where users are constantly sending virtual machine backups but the traffic interrupts the OSPF routing process.

Scope

FortiGate OSPF Routing.
Solution

Users are constantly sending virtual machine backups in ISP networks.

This traffic consumes almost all of the available bandwidth. While the backups are being sent, FortiGate stops correctly sending all of the OSPF networks.

Workaround:

OSPF runs directly over IP as protocol number 89; it does not use a TCP or UDP port. FortiGate already has a service object defined for it:

config firewall service custom
    edit "OSPF"
        set category "Network Services"
        set protocol IP
        set protocol-number 89
    next
end

Configure a traffic shaper to prioritize OSPF traffic:

config firewall shaper traffic-shaper
    edit "OSPF_Priority"
        set guaranteed-bandwidth x <----- Replace x with the bandwidth in Kbps.
        set maximum-bandwidth x <----- Replace x with the bandwidth in Kbps.
        set per-policy enable
    next
end

Configure a traffic shaping policy that applies the OSPF traffic shaper to the OSPF service. The traffic-shaper and traffic-shaper-reverse values must match the name of the shaper created above:

config firewall shaping-policy
    edit 1
        set uuid 4325d168-a6e2-51f0-ad1c-1c044dfdcb18
        set name "OSPF_Priority"
        set service "OSPF"
        set srcintf "port2"
        set dstintf "port1"
        set traffic-shaper "OSPF_Priority"
        set traffic-shaper-reverse "OSPF_Priority"
        set srcaddr "all"
        set dstaddr "all"
    next
end
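
A shaping policy has to reference a shaper that exists under "config firewall shaper traffic-shaper". The following added example (not part of the original article or any Fortinet tooling) parses a saved configuration and reports shaper references that are not defined, plus a guaranteed bandwidth above the maximum. The sample configuration is constructed, the parser handles only flat config/edit/set blocks, and treating a maximum of 0 as unlimited is an assumption.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE = '''
config firewall shaper traffic-shaper
    edit "OSPF_Priority"
        set guaranteed-bandwidth 512
        set maximum-bandwidth 1024
    next
end
config firewall shaping-policy
    edit 1
        set traffic-shaper "OSPF_Priority"
        set traffic-shaper-reverse "OSPF_Traffic"
    next
end
'''

def parse(text):
    """Return {section: {entry: {key: [values]}}} for flat config/edit/set blocks."""
    tree, section, entry = {}, None, None
    for raw in text.splitlines():
        words = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', raw)]
        if not words:
            continue
        if words[0] == "config":
            section = " ".join(words[1:])
            tree.setdefault(section, {})
        elif words[0] == "edit" and section and len(words) > 1:
            entry = tree[section].setdefault(words[1], {})
        elif words[0] == "set" and entry is not None and len(words) > 2:
            entry[words[1]] = words[2:]
        elif words[0] in ("next", "end"):
            entry = None
    return tree

def audit(text):
    tree, findings = parse(text), []
    shapers = tree.get("firewall shaper traffic-shaper", {})
    for name, s in shapers.items():
        g, m = (int(s.get(k, ["0"])[0]) for k in ("guaranteed-bandwidth", "maximum-bandwidth"))
        if m and g > m:  # assumption in this example: a maximum of 0 means "not limited"
            findings.append(f"shaper {name}: guaranteed {g} > maximum {m}")
    for pid, p in tree.get("firewall shaping-policy", {}).items():
        for key in ("traffic-shaper", "traffic-shaper-reverse"):
            for ref in p.get(key, []):
                if ref not in shapers:
                    findings.append(f"policy {pid}: {key} references undefined shaper {ref}")
    return findings
```

Calling audit(SAMPLE) returns one finding for the reverse shaper of policy 1; an empty list means every reference resolves.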