Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Mohammad
New Contributor

Help with FortiGate Traffic shapping...

Hello,

 

We have FortiGate 6.4.9, my question about Traffic shapping policy i can configure the speed with ip address and work fine,

Now i configure the speed by username but don't work, for example:

User1  max speed 10MB

User2 max speed 20MB

 

don't apply to username when i use the username and ip in Traffic shapping policy.

 

Thank you

12 REPLIES 12
funkylicious
SuperUser
SuperUser

I don't think that you can limit per user/name, don't remember reading something about this.

"jack of all trades, master of none"
"jack of all trades, master of none"
Mohammad

Hello,

 

But in the document here:

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/885253/per-ip-traffic-shaper

say allocates each user/IP address, or they mean by ip only ?

funkylicious

I think that they mean the fact that each user which has a unique IP in the network, that's why it's referenced as user/IP.

Since in the example in the firewall rules or traffic shaping, there isnt referenced a user or group I would think that is the case.

"jack of all trades, master of none"
"jack of all trades, master of none"
Mohammad

But in fortigate traffic shipper police i can select username or group the option there buf as i say if i select username and ip thw police not working 

gfleming

The Fortigate needs to have a means of knowing who the users are. You need something like FSSO so the FortiGate can know which user is which on the network.

Cheers,
Graham
Mohammad

Hello,

 

The fortigate should know the user becouse we use proxy to give user access to the Internet or do i need FSSO, if we need FSSO  can we replace it with Aruba clearpass??

 

Thanks 

gfleming

can you please show your traffic shaping policy?

Cheers,
Graham
gfleming

Also how are your users authenticating to the proxy?

 

Do you see them listed in 'diag firewall auth list'?

Cheers,
Graham
Mohammad

Hello, gfleming,

I connect the LDAP with a proxy so the user connects to the internet, yes like you say my problem with authenticating is I can't use it with a proxy i find it here but old post:

https://www.fortinetguru.com/2017/02/the-fortigate-explicit-web-proxy/2/
i don't know if they add in the new version

 

Do you see them listed in 'diag firewall auth list'?

yes I can see the users in FortiGate proxy vdom.

 

----------------------------------

 

if i use another vdom to make the user access the internet by configure both Firewall Policy and Traffic Shaping Policy with IP and user without use proxy in PC it work!! by give me login page to enter username and password.

 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors