Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

DSCP vs Traffic shaping

We run SIP services through our customers 50b and 80c and always setup a few defaults which I have outlined below, with all this set we still seem to have a bit of degradation with some calls: -Enable traffic shaping polices to and from the PABX - guaranty 84Kb per SIP channel, and set the Priorty to High. -set the Global default tos-based-priority to medium -Disable the SIP session-helper. Our SIP traffic is being tagged with DSCP of 46, and our ISP has confirmed they prioritise traffic with DCSP of 46 and our ISP is also out SIP trunk provider. I have seen two commands that may also need to be switched on? does anyone know what these commands do to traffic that is already tagged with DSCP 46? set diffserv-forward enable set diffserv-reverse enable Does anyone know if we should be using the Traffic shaping priority in the GUI, or the set diffserv commands in the CLI, or even what the difference is? Thanks
New Contributor

I enabled these two CLI commands on my incoming and outgoing firewall rules that control the PABX traffic, these firewall rules also have the traffic shaping guarantee and priority enabled. set diffserv-forward enable set diffserv-reverse enable After enabling these CLI commands the voice quality was even worse. Maybe these commands are only used if you want to tag a DSCP value to traffic that is not already tagged? and these commands should not be used in conjunction with the traffic shaping priority??
Esteemed Contributor III

set diffserv-forward enable
suggestion: Did you also set the appropiate DSCP codepoint for the traffic for any reverse or forwarded traffic? ie ( under your fwpolicies ) set diffservcode-forward 101110 (aka EF , dec 46 ) That would pass DSCP value 0x46 for any traffic being sent. I would also sniff it out to validate that it' s being set & classified. You ISP/ITSP should also be able to confirm or disconfirm, that' s it' s being set and depending on your switch, you can validate DCSP. If you have cisco, you might want to trust DSCP from the fortigate & ITSP access ports. Either way, get a capture before and after & review the DSCP settings with tcpdump or wireshark. Wireshark, would also be great for voice and telephony analyzer. hope this helps




Top Kudoed Authors