Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Sadhi_Jayz
New Contributor II

Created on ‎03-05-2025 05:09 AM

Applying Traffic Shaping Profiles with SD-WAN

Hello Fortinet Community,

 

I have configured a traffic shaping profile on my FortiGate firewall, along with a traffic shaping policy where I have assigned a Class ID. However, I am unsure about the correct way to apply the traffic shaping profile to interfaces and set the outbound bandwidth.

In my traffic shaping policy, I have selected the destination interface as the virtual-wan-link (WAN1 + WAN2) as the outgoing interface. My question is: if I apply the traffic shaping profile separately to WAN1 and WAN2, will the traffic shaping function as intended?

 

1.png

 

2.png

 

I would appreciate any clarification or best practices regarding this setup.

Thank you!

278
0 Kudos
4 REPLIES 4
adambomb1219
SuperUser
SuperUser

Created on ‎03-05-2025 05:43 AM

Why do you want to do this?  Do you actually have a bandwidth problem?

263
Sadhi_Jayz
New Contributor II
In response to adambomb1219

Created on ‎03-05-2025 05:56 AM

Yes, the reason for implementing traffic shaping is to ensure that WAN traffic is prioritized based on business needs. In our case, we need to prioritize traffic for four categories of users:

VIPs – Highest priority

Managers – High priority

Engineers – Medium priority

Juniors – Low priority

251
0 Kudos
adambomb1219
SuperUser
SuperUser
In response to Sadhi_Jayz

Created on ‎03-05-2025 07:15 AM

Right but do you actually not have enough bandwidth for your needs?  I don't see many customers implement QoS/shapers at all unless they have a VERY slow and low bandwidth uplink like legacy satellite, DSL, or something else.  In today's world with prolific broadband and high bandwidths shapers are rarely necessary.

245
0 Kudos
Toshi_Esumi
SuperUser
SuperUser

Created on ‎03-05-2025 08:15 AM

I haven't tested it myself yet. But it should work because traffic shaping/QoS is separate network control components/mechanisms with FGT. If doesn't work as you expect, you should open a ticket at TAC to get it looked at. 


Traffic shapping/QoS is still necessary because not all users can afford multiple symmetric/high bandwidth circuits, like your home, or mixing in satellite and/or LTE because multiple wired network services are not available at the location, or because of some unusual network traffic characteristics, which would impact quality of time sensitive traffic.
Some of our customers even demand it even when they have very highbandwidth circuit(s). And, other SD-WAN vendor's technologies/implementation might include traffic-shaping/QoS as a part of SD-WAN. I know at least one major/popular provider does it. FTNT's/FGT have them separated.

You can't simply dismiss user's requirements when you sell something. Because they might buy those products based on the catalog features. At least most of our customers buy SD-WAN products because they just want SD-WAN, not because they really need SD-WAN, even when they got only one circuit in some cases. If we say "you don't need it", they would go other vendor.

Toshi 

 

234
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.