Hi All,
We have a policy for a particular subnet, mainly for web-filtering, that is chocking the sites inbound traffic. The policy is virtually identical to the policy for the rest of our subnets apart from it not do any user mapping because this subnet is not in our Active Directory. After disabling the policy, the site functions at the full speed of it's WAN link (50/20). When the policy is enabled we are getting <1mb/s down and about 5mb/s up.
The Policy specifies the source as the particular subnet with default AV, APP and SSL inspection, IPS is set to high security and we have custom Web Filtering (the same as all other subnets though)
There is a single Traffic Shaping Policy (which I believe is the default?) that is set to Medium Priority. There are five Traffic Shapers (which I believe are also defaults?) but none are being referenced.
No Traffic Shaping Profiles are setup.
Does anyone have any idea as to why this policy would be throttling the bandwidth so drastically?
I would go through a general troubleshooting/discoverly process with the policy since it seems to be the only factor, then have nothing to do with traffic-shaping. But I would remove the shaping-policy first since there is no default shaping-policy, to eliminate it.
Then remove whatever in the policy one-by-one to see which is affecting to the symptom. I would do with the web-filtering profile first.
Thanks Toshi,
I will have a look into it further when I get the chance (which may be a week or so). The traffic-shaping policy is set to apply to all traffic so I don't think that would have anything to do with it. As you said, it seems to be something in the IPv4 Policy. I'll report back once I have gone through it in more detail.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.