Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ehammett
New Contributor

Prioritize outbound HTTP traffic for some users?

I wanted to know if it is possible to prioritize outbound HTTP/HTTPS traffic for a few of our internal users? Is there a way to set a rule to set priority for the IP addresses of their workstations (10.0.0.5-10)? Thanks
5 REPLIES 5
rwpatterson
Valued Contributor III

You could use traffic shaping to give them higher priority. Just remember, the default FGT priority is high. You' ll need to go into the CLI and downgrade the default, otherwise setting high with a system wide default of high has no meaning...
config system global
     set tos-based-priority medium
 end
 
Also, by setting the inbound and outbound bandwidth on the WAN port, the firewall knows exactly how much ' room' it has to play with.
    edit " port2" 
         set vdom " root" 
         set dhcp-relay-type ipsec
         set ip xxx.xxx.xxx.xxx 255.255.255.0
         set allowaccess ping https
         set type physical
         set tcp-mss 1470
         set inbandwidth 12800
         set outbandwidth 12800
         set description " Outside (Internet) interface" 
         set alias " Internet" 
         set speed 100full
     next
 

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
ehammett
New Contributor

Thank you Bob. After I downgrade the default can you point me in the right direction for creating a new one for those few IP addresses?
rwpatterson
Valued Contributor III

Create the traffic shaper to the speed you desire, then use it in the policy that covers those IP addresses.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
siomyn
New Contributor III

Hi Bob, when I set the in and out bandwidth with the specific value, whether other traffic will be affected? For example, when I decide to shape the inbandwidth in wan1 traffic to 10Kb, and I make the traffic shaper name FTPShaper max 10Kbps and then I attach the UTM in the policy. Is the http traffic will be limit at 10Kb too?, because we limit 10Kbps in the interface. Thanks in advanced

OMYN

Technical Consultant | Indonesia CCNP Security, Fortinet NSE 

OMYN Technical Consultant | Indonesia CCNP Security, Fortinet NSE
ede_pfau
Esteemed Contributor III

The ' inbandwidth' and ' outbandwidth' parameters only specify the WAN line capacity so that the traffic shaping algorithm can work effectively. They do not impose any limit on the interface' s bandwidth. One more caveat: in FortiOS 4.2 and older, bandwidth was measured in kilobytes per second. In 4.3 and younger, it' s given in kilobits per second. So depending on the version you run you may have to adjust the numbers to avoid strange results.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Labels
Top Kudoed Authors