Hello,
I want to throttle UDP outgoing traffic in a FG. More specifically, I want to restrict the UDP DNS requests per second over a WAN link. What is the most efficient way to do that, if any? Can this be done with traffic shaping or do you have any other way to do that?
Thanks
I've not done this specifically and I don't know if there is a better way of doing this, but in my environment I would create a rule and place it before everything else and begin with a throttle rule to the DNS server or on just DNS traffic. Now, you need to be careful here since you could potentially impact your internal network by doing it as an any rule, so be sure to apply it on the WAN link only.
If this is a huge issue for you, I would suggest doing a packet capture to see what all these requests are that are using up enough bandwidth to cause an issue. Hopefully you can get another response that may better address this.
https://help.fortinet.com...m?Highlight=throttling
-Tim
Thanks for the reply.
So, you are proposing to do traffic shaping, which means that we have to do bandwidth throttling. Ideally I would prefer the option of throttling DNS requests per second (something like FortiOS DoS thresholds but in the outbound traffic), but I know this is probably not supported.
To answer your second question, it seems this is an issue for my customer, because the FG is on a cruise ship, where the bandwidth over satellite is an expensive resource. On the other hand, DNS throttling might break the network down. I'm not sure if this is going to work anyway...
I would review this section:
However, I would definitely be very careful about throttling UDP traffic.
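Added example (not part of the thread and not Fortinet code): a Python sketch of the packet-capture step suggested above, which measures outbound DNS queries per second and shows how many queries per second a bandwidth-only shaper would admit at the observed packet size. The `tcpdump -n` lines are constructed, the function names are hypothetical, and 1 kbps is assumed to be 1000 bit/s.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -n` text output (not from a real capture).
SAMPLE = """\
12:00:01.100000 IP 10.0.0.5.53211 > 192.0.2.53.53: 4660+ A? example.com. (29)
12:00:01.150000 IP 192.0.2.53.53 > 10.0.0.5.53211: 4660 1/0/0 A 192.0.2.10 (45)
12:00:01.200000 IP 10.0.0.5.53212 > 192.0.2.53.53: 4661+ AAAA? example.com. (29)
12:00:01.300000 IP 10.0.0.9.40000 > 192.0.2.53.53: 100+ A? updates.example.net. (37)
12:00:01.900000 IP 10.0.0.9.40001 > 192.0.2.53.53: 101+ A? updates.example.net. (37)
12:00:02.050000 IP 10.0.0.9.40002 > 192.0.2.53.53: 102+ A? updates.example.net. (37)
12:00:02.500000 IP 10.0.0.7.51000 > 192.0.2.53.53: 7+ A? example.org. (29)
"""

# time, client IP, client port, resolver IP, query type, query name, DNS payload bytes
LINE = re.compile(r"^(\d\d:\d\d:\d\d)\.\d+ IP (\S+)\.(\d+) > (\S+)\.53: "
                  r"\d+\S* (\w+)\? (\S+) \((\d+)\)")
IP_UDP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte UDP header


def analyze(text):
    """Summarise outbound DNS queries: rate per second, per client, per name."""
    per_second, per_client, per_name = Counter(), Counter(), Counter()
    wire_bytes = 0
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # responses and non-DNS lines are ignored
        second, client, _port, _resolver, _qtype, qname, size = m.groups()
        per_second[second] += 1
        per_client[client] += 1
        per_name[qname] += 1
        wire_bytes += int(size) + IP_UDP_OVERHEAD
    queries = sum(per_second.values())
    return {
        "queries": queries,
        "peak_qps": max(per_second.values(), default=0),
        "top_client": per_client.most_common(1),
        "top_name": per_name.most_common(1),
        "mean_packet_bytes": wire_bytes / queries if queries else 0.0,
    }


def qps_for_bandwidth(kbps, mean_packet_bytes):
    """Queries per second that fit under a bandwidth cap (1 kbps = 1000 bit/s)."""
    return kbps * 1000 / (mean_packet_bytes * 8)


if __name__ == "__main__":
    stats = analyze(SAMPLE)
    print(stats)
    print(round(qps_for_bandwidth(16, stats["mean_packet_bytes"]), 1), "queries/s at 16 kbps")
```

Comparing `peak_qps` from a real capture with the figure from `qps_for_bandwidth` shows whether a candidate shaper value would start dropping legitimate lookups, and `top_client` / `top_name` point at the hosts worth fixing before any throttle is applied.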