I am having an issue with a Fortigate 200D (v5.2.3,build670 (GA)) as I can't traffic shape (and throttle down) the Aspera application.
Let me be more specific and explain the situation.
I have a 200D which has a 100Mbps WAN connection and 4 VLANs in it.
I have individual policies for each VLAN that allow them to go to the WAN.
VLAN 983 has a traffic shaper in the WAN policy that allows a MAX bandwidth of 75Mbps.
Now VLAN 983 is using an application called ASPERA which is a UDP file transfer tool.
When they create a session with the remote server and start a data transfer, the WHOLE 100Mbps of the WAN is used leaving all other VLANs without internet connection.
I have added an Application Control Policy on top of the existing WAN policy that gives ASPERA 45Mbps MAX but that does not seem to have any effect...
I can see the traffic from VLAN 983 is limited to ~42Mbps but the WAN traffic is still over 85Mbps...
All other VLANs combined used around 3Mbps bandwidth at the time of the screenshots.
In addition, FortiView shows that it has identified Aspera and the shaper is in effect, but the WAN utilisation is at 85%+.
Any suggestions on how to enforce the shaper on the WAN and actually use 45Mbps MAX when Aspera is in use?
Thank you in advance,
Sorry to inform you, "you can't traffic shape inbound traffic". Provide details of your TS and policies, but it sounds like this is an internet download and you're trying to TS inbound on WAN (srcintf).
emnoc wrote: Sorry to inform you, "you can't traffic shape inbound traffic". Provide details of your TS and policies, but it sounds like this is an internet download and you're trying to TS inbound on WAN (srcintf).
Thank you for your reply!
Please find below the screenshot for the TS and Policy.
Aspera 45MAX TS
VLAN 983 75MAX TS
VLAN 983 -> WAN Policy
The shapers in the policy, aren't they supposed to throttle, one inbound and the other outbound (reverse)?
Would like to know if you were successful in throttling Aspera, unfortunately we are also facing the same issue.
Fortigate 80C v5.2.8,build727
anthrg wrote: Would like to know if you were successful in throttling Aspera, unfortunately we are also facing the same issue. Thanks Ananth
Yes, we managed to throttle Aspera by upgrading the firewall to version 5.4.0 and creating a rule in application control for Aspera and not throttling it through the IPv4 Policy.
This way, instead of getting the TCP/UDP port that the Aspera Service is using, we are using the application's signature and it seems to be working so far.
Hope this helps.
Thanks Thanasis, that was quick! Much appreciated for taking the time to reply.
We are on 5.0, will upgrade soon.