- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Shared and Per-IP Traffic Shaper
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Shared and Per-IP Traffic Shaper
Hi guys,
Could anyone explain the difference between Shared and Per-IP traffic shapers? I ask this because the Fortinet documentation is different depending on the origin.
According to the Fortinet cookbook:
A Shared shaper affects upload speeds whereas Per-IP shaper affects both upload and download speeds.
According to the FortiOS Handbook and NSE4:
Shared Shaper: A shared shaper applies a total bandwidth to all traffic using that shaper. The scope can be per-policy or for all policies referencing that shaper.
Per-IP Shaper: A per-IP shaper allows you to apply traffic shaping to all source IP addresses in the security policy, and bandwidth is equally divided among the group.
Do you see the difference? What is correct?
Regards,
Julián
Solved! Go to Solution.
Labels:
4 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Those two explanations are not necessarily different.
My understanding is as follows.
Shared Shapers affect upload speed, but all users share the set bandwidth. For example, if you set a shared shaper for Youtube of 100Mbps, then everyone uploading to youtube shares that 100Mbps. (If you want to limit the download speed from Youtube then you need to apply the shared shaper as a Reverse Shaper).
Per-IP Shapers affect the speed of the nominated users (via ip). So, if you set your entire network to a Per-IP shaper of 1Mbps, then every user will be allocated 1Mbps of bandwidth (assuming you have enough bandwidth on your outgoing link). Even if there's only one user on the network, then they will only get that 1Mbps. If there are ten users, then each gets 1Mbps for a total of 10Mbps.
Hope this helps.
Cheers,
Chris.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To say it short:
a shared shaper will share the specified bandwith among all hosts affected by the policy it is applied to (i.e. limits the total traffic).
a per ip shaper will grant the specified bandwith to any single host affected by the policy it is applied to (i.e. limits the traffic per ip).
e.g. shared shaper on 192.168.1.0/24 with 1mbit will mean all 254 Hosts together will get maximally 1mbit.
per-ip-shaper on 192.168.1.0/24 with 1mbit will mean every single one of the 254 Hosts will get maximally 1mbit each.
hth
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What you mean is forward and reverse. That allows you to specify a shaper for upload and annother for download.
Shared means the specified bandwidth will be shared among all hosts the policy applies to.
Per Ip means the specified bandwith will not be shared among all hosts the policy appliles to. Instad every single host will be limited to that bandwith. If you use a per-ip shaper to even grant bandwith this will sum up per host.
Probably that is the easier way to understand that:
If you grant 1mbit to a group of hosts via shared shaper then this group alltogether get granted 1mbit.
If you do via per-ip-shaper then every single member get granted 1mbit. So the group alltogether in this case gets granted bandwith that is number of its members times 1mbit.
Or if you want the other way round: shared: all affected hosts share that bandwith - per ip: no sharing. Every single affected host gets that bandwith.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To complete i use a shared shappers and Per-IP Shaper at the same time.
For me i define shared shappers for internet, shared shappers for email and shared shappers for VPN. Afer i define Per-IP shared for each type of the access.
All days people obtain a regular flow for all their work. Before i apply this method often heard 'on morning it's very quick and after is too slow" Today all is fine for me.
I must add set per-policy enable on each shared shappers if not control of bandwith doesn't work well.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Those two explanations are not necessarily different.
My understanding is as follows.
Shared Shapers affect upload speed, but all users share the set bandwidth. For example, if you set a shared shaper for Youtube of 100Mbps, then everyone uploading to youtube shares that 100Mbps. (If you want to limit the download speed from Youtube then you need to apply the shared shaper as a Reverse Shaper).
Per-IP Shapers affect the speed of the nominated users (via ip). So, if you set your entire network to a Per-IP shaper of 1Mbps, then every user will be allocated 1Mbps of bandwidth (assuming you have enough bandwidth on your outgoing link). Even if there's only one user on the network, then they will only get that 1Mbps. If there are ten users, then each gets 1Mbps for a total of 10Mbps.
Hope this helps.
Cheers,
Chris.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Chris,
Very good explanation, more clear.
Thanks,
Julián
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To say it short:
a shared shaper will share the specified bandwith among all hosts affected by the policy it is applied to (i.e. limits the total traffic).
a per ip shaper will grant the specified bandwith to any single host affected by the policy it is applied to (i.e. limits the traffic per ip).
e.g. shared shaper on 192.168.1.0/24 with 1mbit will mean all 254 Hosts together will get maximally 1mbit.
per-ip-shaper on 192.168.1.0/24 with 1mbit will mean every single one of the 254 Hosts will get maximally 1mbit each.
hth
Sebastian
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To complete i use a shared shappers and Per-IP Shaper at the same time.
For me i define shared shappers for internet, shared shappers for email and shared shappers for VPN. Afer i define Per-IP shared for each type of the access.
All days people obtain a regular flow for all their work. Before i apply this method often heard 'on morning it's very quick and after is too slow" Today all is fine for me.
I must add set per-policy enable on each shared shappers if not control of bandwith doesn't work well.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
in configuration i see that shared means upload, and reverse means download shared for many ip or user and per-ip only one user/ip
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What you mean is forward and reverse. That allows you to specify a shaper for upload and annother for download.
Shared means the specified bandwidth will be shared among all hosts the policy applies to.
Per Ip means the specified bandwith will not be shared among all hosts the policy appliles to. Instad every single host will be limited to that bandwith. If you use a per-ip shaper to even grant bandwith this will sum up per host.
Probably that is the easier way to understand that:
If you grant 1mbit to a group of hosts via shared shaper then this group alltogether get granted 1mbit.
If you do via per-ip-shaper then every single member get granted 1mbit. So the group alltogether in this case gets granted bandwith that is number of its members times 1mbit.
Or if you want the other way round: shared: all affected hosts share that bandwith - per ip: no sharing. Every single affected host gets that bandwith.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I think Fortinet should consider reviewing its documentation since it is ambiguous. According to Fortinet if you grant for example 10 Mbps to a group of 10 host via per-IP shaper, that bandwidth is equally divided among the group and therefore every host will get 10/10 Mbps = 1 Mbps.
The following is a NSE4 excerpt:
Per-IP Shaper: A per-IP shaper allows you to apply traffic shaping to all source IP addresses in the security policy, and bandwidth is equally divided among the group.
Regards,
Julián
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What will happen if there are 2 traffic shapers applied to a single IP . Should it take the priority of the shaper applied over the top?
Omkar
Omkar
Related Posts
- Registration of FortiGate and FortiCloud Issues 334 Views
- Allowing Inter-Vlan Communication 609 Views
- Traffic shaping Policy issue 391 Views
- Traffic Shaping For A Specific Destination... 304 Views
- Hub receives IKE packet from new... 607 Views
Labels
-
FortiGate
6,449 -
FortiClient
1,287 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
66 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.