Hey guys,
I have a case where I'd like to be able to Traffic Shape (Limit maximum bandwidth) traffic that travels over an IPSEC Tunnel. I was trying to see if this was even possible.
In the Traffic Shaping Reference Manual, there's the following paragraph:
VLAN, VDOM and virtual interfaces Policy-based traffic shaping does not use queues directly. It shapes the traffic and if the packet is allowed by the security policy, then a priority is assigned. That priority controls what queue the packet will be put in upon egress. VLANs, VDOMs, aggregate ports and other virtual devices do not have queues and as such, traffic is sent directly to the underlying physical device where it is queued and affected by the physical ports. This is also the case with IPsec connections.
Does this mean that I will not be able to shape the IPSec tunnels? Will another method work?
Appreciate any insight!
"...VLANs, VDOMs, aggregate ports and other virtual devices ...his is also the case with IPsec connections." this applies just for the priority. "...Limit maximum bandwidth" works and works fine.
 
					
				
				
			
		
| User | Count | 
|---|---|
| 2677 | |
| 1412 | |
| 810 | |
| 703 | |
| 455 | 
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.