Contributor II

Throttling UDP sessions



I want to throttle UDP outgoing traffic in a FG. More specifically, I want to restrict the UDP DNS requests per second over a WAN link. What is the most efficient way to do that, if any? Can this be done with traffic shaping or do you have any other way to do that?



New Contributor II

I've not done this specifically and I don't know if there is a better way of doing this, but in my environment I would create a rule and place it before everything else and begin with a throttle rule to the DNS server or on just DNS traffic. Now, you need to be careful here since you could potentially impact your internal network by doing it as an any rule, so be sure to apply it on the WAN link only.


If this is a huge issue for you, I would suggest doing a packet capture to see what all these requests are that are using up enough bandwidth to cause an issue. Hopefully you can get another response that may better address this.
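The packet-capture review suggested in the reply above could start with a script like this one, which is an added example and not part of the original thread. It parses text output in the format printed by `tcpdump -tt -n udp port 53` and reports the peak queries per second, the busiest clients and the most-requested names; the capture lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the text format printed by `tcpdump -tt -n udp port 53`.
SAMPLE = """\
1700000000.101 IP 10.0.0.5.53124 > 192.0.2.53.53: 4660+ A? updates.example.com. (37)
1700000000.102 IP 10.0.0.5.53125 > 192.0.2.53.53: 4661+ AAAA? updates.example.com. (37)
1700000000.300 IP 10.0.0.9.40001 > 192.0.2.53.53: 100+ A? telemetry.example.net. (39)
1700000000.500 IP 10.0.0.9.40002 > 192.0.2.53.53: 101+ A? telemetry.example.net. (39)
1700000000.700 IP 10.0.0.9.40003 > 192.0.2.53.53: 102+ [1au] A? telemetry.example.net. (50)
1700000001.100 IP 10.0.0.9.40004 > 192.0.2.53.53: 103+ A? telemetry.example.net. (39)
1700000001.200 IP 10.0.0.7.40000 > 192.0.2.53.53: 22+ A? www.example.org. (33)
1700000001.900 IP 192.0.2.53.53 > 10.0.0.7.40000: 22 1/0/0 A 192.0.2.10 (49)
"""

# Matches outbound queries only (destination port 53); responses are skipped.
QUERY_RE = re.compile(
    r"^(?P<sec>\d+)\.\d+ IP (?P<src>[\d.]+)\.\d+ > [\d.]+\.53: "
    r"\d+[+%*-]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<name>\S+) \((?P<size>\d+)\)"
)

def parse_queries(text):
    """Return one dict per DNS query line; non-matching lines are ignored."""
    queries = []
    for line in text.splitlines():
        m = QUERY_RE.match(line.strip())
        if m:
            queries.append({
                "sec": int(m["sec"]),          # capture time, whole seconds
                "src": m["src"],               # client that sent the query
                "qtype": m["qtype"],
                "name": m["name"].lower(),     # DNS names are case-insensitive
                "size": int(m["size"]),        # DNS payload bytes, not on-wire size
            })
    return queries

def summarize(queries, top=3):
    """Peak queries per second plus the heaviest clients and names."""
    per_second = Counter(q["sec"] for q in queries)
    return {
        "total": len(queries),
        "peak_qps": max(per_second.values(), default=0),
        "payload_bytes": sum(q["size"] for q in queries),
        "top_clients": Counter(q["src"] for q in queries).most_common(top),
        "top_names": Counter(q["name"] for q in queries).most_common(top),
    }

if __name__ == "__main__":
    for key, value in summarize(parse_queries(SAMPLE)).items():
        print(f"{key}: {value}")
```

A single client or name dominating the counts points to fixing that source rather than throttling all DNS traffic on the link.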



Thanks for the reply.


So, you are proposing to do traffic shaping, which means that we have to do bandwidth throttling. Ideally I would prefer the option of throttling DNS requests per second (something like FortiOS DoS thresholds but in the outbound traffic), but I know this is probably not supported.


To answer your second question, it seems this is an issue for my customer, because the FG is on a cruise ship, where the bandwidth over satellite is an expensive resource. On the other hand, DNS throttling might break the network down. I'm not sure if this is going to work anyway...

New Contributor

I would review this section:


However, I would definitely be very careful about throttling UDP traffic.

