otsaggos
Staff
Article Id 241512

Description

 

This article provides troubleshooting commands for possible traffic shaper issues.

 

Scope

 

FortiGate 6.0, 6.2, 6.4, 7.0

 

Solution

 

Check ethernet statistics

To help optimize traffic shaping performance, first check the Ethernet statistics of the interface with the following command:

 

diagnose hardware deviceinfo nic <interface_name>

 

This command displays the Ethernet statistics for the specified network interface, including any errors, collisions, or buffer overruns.

 

Check traffic shaper information

 

To see information about ToS lists and traffic, run the following command:

 

diagnose sys tos-based-priority

 

The output shows the priority value currently associated with each possible ToS bit value. The values range from 0 to 15.

 

Check information about shared and per-IP traffic shapers

 

For shared policy:

Run the following command to check information about shared policy traffic, such as maximum, guaranteed, and current bandwidth, as well as priorities and the packets and bytes dropped.

 

diagnose firewall shaper traffic-shaper list

 

For per-IP policy:

Run the equivalent command for per-IP shapers:

 

diagnose firewall shaper per-ip-shaper list

 

This provides information about shared policy traffic, as well as max, guaranteed, and current bandwidth, including priorities and the packets and bytes dropped.

 

Additionally, to see combined traffic shaper statistics from the CLI, run:

 

diagnose firewall shaper traffic-shaper stats              
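When the output of `diagnose firewall shaper traffic-shaper list` is saved from many devices, a small script can flag the shapers that are dropping traffic or running close to their maximum. The following is an added example, not Fortinet code: the sample text is constructed, and the field layout, unit strings, unit multipliers and the 90% threshold are assumptions to adjust to the output of your FortiOS version.

```python
import re
# Constructed sample, not captured from a device. The "key value" layout and the
# unit strings are assumptions; adjust the patterns to your FortiOS build.
SAMPLE = """\
name guarantee-100kbps
maximum-bandwidth 131072 KB/sec
guaranteed-bandwidth 12 KB/sec
current-bandwidth 0 B/sec
priority 2
packets dropped 0
bytes dropped 0
name youtube-shared
maximum-bandwidth 12500 KB/sec
guaranteed-bandwidth 0 KB/sec
current-bandwidth 12300 KB/sec
priority 3
packets dropped 1482
bytes dropped 2104440
"""
UNITS = {"B/sec": 1, "KB/sec": 1000, "MB/sec": 1000000}  # assumed multipliers
BW = re.compile(r"(maximum|guaranteed|current)-bandwidth\s+(\d+)\s+(\S+)$")
NUM = re.compile(r"(priority|packets dropped|bytes dropped)\s+(\d+)$")

def parse_shapers(text):
    """Split 'name ...' delimited records into dicts with bandwidth in bytes/sec."""
    shapers = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("name "):
            shapers.append({"name": line[5:].strip()})
        elif shapers:  # skip prompt/echo lines before the first record
            bw, num = BW.match(line), NUM.match(line)
            if bw and bw.group(3) in UNITS:
                shapers[-1][bw.group(1)] = int(bw.group(2)) * UNITS[bw.group(3)]
            elif num:
                shapers[-1][num.group(1).replace(" ", "_")] = int(num.group(2))
    return shapers

def findings(shapers, near_limit=0.9):
    """Flag shapers that dropped packets or run at >= near_limit of their maximum."""
    out = []
    for s in shapers:
        if s.get("packets_dropped", 0) > 0:
            out.append((s["name"], "dropping"))
        if s.get("maximum") and s.get("current", 0) >= near_limit * s["maximum"]:
            out.append((s["name"], "near-max"))
    return out
if __name__ == "__main__":
    for name, issue in findings(parse_shapers(SAMPLE)):
        print(f"{name}: {issue}")
```

A shaper that reports both conditions is saturated; compare its drop counters across two captures to see whether drops are still increasing.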

 

Note:

Shared shapers affect upload speed, and all users share the configured bandwidth. For example, if a shared shaper of 100Mbps is set for YouTube, everyone uploading to YouTube shares that 100Mbps. (To limit the download speed from YouTube, apply the shared shaper as a reverse shaper.)

 

  • Bandwidth management of security policies
  • Applies a total bandwidth to all traffic using the shaper
  • The scope can be per-policy or for all policies referencing the shaper

 

Per-IP shapers affect the speed of the nominated users (identified by IP address). So if the entire network is set to a per-IP shaper of 1Mbps, every user will be allocated 1Mbps of bandwidth (assuming there is enough bandwidth on the outgoing link). Even if there is only one user on the network, they will only be able to use 1Mbps. If there are ten users, each can use 1Mbps for a total of 10Mbps.

 

  • Bandwidth management of user IP addresses
  • Allows you to apply traffic shaping to all source IP addresses in the security policy
  • Bandwidth is equally divided among the group