Dear community,
We are using a shaping profile on wan1 to prioritize the traffic with shaping policies using 5 classes.
It's working fine but I have noticed that the IPSec tunnel under wan1 is not being classified.
In the policies, I cannot select the tunnel interface to make it classified as high priority.
Should I apply an outbound shaping profile to the tunnel interface? Or what is the best practice to classify the tunnel traffic?
Thanks for support
Greetings,
A traffic shaping policy can be used for interface-based traffic shaping by organizing traffic into 30 class IDs.
In the traffic shaping policy, you can select the IPsec virtual tunnel interface to create the policy.
I checked on FortiOS patch 7.2.7. What is your FortiOS version?
Document for the reference: https://docs.fortinet.com/document/fortigate/6.2.16/cookbook/647914/interface-based-traffic-shaping-...
Regards!
If you have found a solution, please like and accept it to make it easily accessible to others.
Hello,
I'm running 7.0.9.
I cannot see my VPN interface in the Source Interface list.
What I did now, to make sure the tunnel does not go offline if there is heavy traffic, is to prioritize the IPsec protocol like this:
Am I correct?
Thanks for support
    config firewall shaping-policy
        edit 8
            set name "HIGH_IPSEC"
            set service "ESP" "IKE" "G-A-CAPWAP"
            set dstintf "virtual-wan-link"
            set class-id 9
            set srcaddr "all"
            set dstaddr "all"
        next
    end

    edit 5
        set class-id 9
        set priority critical
        set guaranteed-bandwidth-percentage 10
        set maximum-bandwidth-percentage 100
    next
Copyright 2024 Fortinet, Inc. All Rights Reserved.