Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortimaster
Contributor

Bad configuration of reverse shapper?

Hi all,

 

I have fortigate with 7.0.12 FortiIOS

 

I have a server that causes problems in my network. The server has an IP from Vlan 100 network with an IP 10.0.4.x/32. I would like to limit his traffic to 250Mbps when it tryes to use more bandwitch more than that. I have only one traffic shapping policy.

 

I've observed than the reverse shapper not works well. Some computers, from another Vlan, have sent more than 250Mbps to the server and the shapper has not worked. Maybe I have configure it bad? I know than the reverse shapper doesn't appear in logs, but I'm sure the server has received more than 250Mbps...

 

I attach you some pictures. Could you help me? Thanks...one.JPGtwo.JPGtree.JPG

 

 

 

8 REPLIES 8
hbac
Staff
Staff

Hi @fortimaster

 

The configuration looks good. How did you test the speed? You can run the following commands to check the session details. It will show if shaper was applied or not. Please replace x.x.x.x with source and destination IP address accordingly. 

 

di sys session filter clear 

di sys session filter src x.x.x.x              

di sys session filter dst x.x.x.x

di sys session list 

 

Regards,

fortimaster

Thanks for your help... I'm not sure if the sessions still active. I had a problem yesterday cause that server received a lot of traffic from some computers at same time...

 

If I check now the sessions with the server IP dst I see empty the traffic shapper "field". 

If I check now the sessions with the server IP SRC I can see some times, sessions with "origin-shaper IP" and reverse shaper with data (and 0 dropped bytes).

 

shapper.JPG

hbac

@fortimaster,

 

Looks like the reply shaper is applied to the traffic which means the bandwidth of 10.0.4.125 will not exceed 250Mbps. You can run speed test to confirm. 

 

Regards, 

fortimaster

Thanks¡

 

I don't understand why yesterday my network was absolutly collapsed. When I search in that time which are causing these problems, I could see that it was that server.

Another strange think is that it is a Wsus server and it's receiving a lot of traffic from user computers and sending a very little traffic. My colleages sai it is impossible and the firewall represent bad the graffics, cause the WSUS sends and not receives.  If traffic shaper worked, I don't understand why my network was collapsed. I have 1Gbps and normally the interface is below 300/100 aprox...
I attach you some logs from that moment. The network stabilizes at 8:50

 

 

Captura5.JPGCaptura3.JPGgrafico.JPG

fortiview.JPG

hbac

@fortimaster,

 

What you are getting on FortiView are total sent and received bytes. The traffic shaper only restricts the bandwidth to 250Mbps (250 Megabit per second). It doesn't restrict the total bandwidth of the connection. 

 

Regards, 

fortimaster

Thanks Hbac... I want than the shapper restricts to 250Mbps maximum speed the send or received bandwitch of that server... And the traffic from the computers to the server bypass the collapsed interface of the attached picture.

I think my network was collapsed, cause that server received more than 250Mbps of traffic during the problem and the shapper didn't work well. If the shapper had worked well I think the affected interface would not have collapsed...

Thanks.

fortimaster
Contributor

Hi,

 

I have tryed an speed test and the reverse shapper didn't work. If I create a new policy (just the reverse policy) to limits the upload it works well. Now the problem it's solved, but I'll open a case so Fortinet can study a possible bug...

fortimaster
Contributor

Thanks for your help. Shapper doesn't work cause a bug. The "receiving" traffic is not checked.

Regards.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors