Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Change traffic shaping based on the SD-WAN link status

We have two ISP uplinks connected to a 100F firewall. One is 500 Mbps and another is 100 Mbps. The management wants to route the business apps through the fast link and use the slow one for the guest/lunchroom WiFi. That one is pretty easy.

However, they also would like to limit the bandwidth available to the guest network in case the primary fails and everything has to go through the 100M pipe. Say, limit the guests to 10Mbps. If the backup line fails it's fine for the guest WiFi to have no Internet.

I know how to do traffic shapers and apply them to the rules, but how do I set it up so that it only applies in the case of the failover and does not limit guests to 10Mbps all the time?

Hope someone has stumbled upon this before :)

router login 192.168.l.l

One single thing comes to mind right now, in order of how to automate this.

Using automation stiches, configure one to look for a ForitOS event like Interface link status changed and then as a action, just issue the CLI commands that will actually create a firewall shaping policy for the wifi users and limit the traffic.

I think that you can do the reverse and remove the policy when the interface comes up.


Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Top Kudoed Authors