Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
SeakleangHeng
New Contributor

Inaccurate Traffic shapers

Traffic shaper in my FortiGate is not accurate and sometimes it doesn't work. I create several Per-IP traffic shapers profiles, then i apply in into policy. When i test internet speed in website speedtest.net. The speed is under what i limit. when i monitor it for one more day, all traffic shapers doesn't work and user can access the internet with full speed, while i haven't changed any configuration. Sometimes traffic shapers is under what is limit. sometimes all user can access the internet with full speed.

Here is my configuration.

 

config firewall shaper per-ip-shaper     edit "3-MB"         set max-bandwidth 3072     next

config firewall policy     edit 16

        set srcintf "port11"         set dstintf "port9" "port10"         set srcaddr "200.200.4.1-200.200.4.30_3MB"         set dstaddr "all"         set action accept         set schedule "always"         set service "ALL"         set utm-status enable         set av-profile "default"         set webfilter-profile "Block_BadSite"         set spamfilter-profile "default"         set ips-sensor "default"         set application-list "Block_Torrent"         set profile-protocol-options "default"         set ssl-ssh-profile "certificate-inspection"         set per-ip-shaper "3-MB"         set nat enable

1 Solution
ede_pfau
Esteemed Contributor III

Hi,

 

I wouild split this policy into 2, one for each destination port. Chances are that counting is simply wrong if you have a policy for multiple interfaces.


Ede

"Kernel panic: Aiee, killing interrupt handler!"

View solution in original post

Ede"Kernel panic: Aiee, killing interrupt handler!"
1 REPLY 1
ede_pfau
Esteemed Contributor III

Hi,

 

I wouild split this policy into 2, one for each destination port. Chances are that counting is simply wrong if you have a policy for multiple interfaces.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors