- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- RE: ToS byte values for QoS on 4.0MR2
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ToS byte values for QoS on 4.0MR2
Hi Guys,
I am trying to configure system-wide prioritisation for DSCP EF using ToS-based priority. I had a look at the Fortigate traffic shaping guide, but I find the documentation quite confusing.
Here' s what it says:
Use the following command to list command to view information of the TOS lists and traffic. diagnose system tos-based-priority This example displays the priority value currently correlated with each possible TOS byte value. Priority values are displayed in order of their corresponding TOS byte values, which can range between 0 and 15, from lowest TOS byte value to highest. For example, if you have not configured TOS-based priorities, the following appears... 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ...reflecting that all packets are currently using the same default priority, high (value 0).Obviously, Fortinet uses 4 bits for the TOS values, but the original bit has 8. For example, for DSCP EF the TOS byte would be 101 110 00 with a decimal value of 184. Any idea how Fortigate maps these bits and how would the TOS values be calculated?
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I agree that the documentation is very confusing. It would be incredibly helpfull if they would simply add a column with the 0-15 decimal value required in the DSCP to TOS table they put in the traffic shaping handbook.
The answer to your question is 12. DSCP EF (46) is equivalent to TOS 184 as you mentioned, which converted to binary is 10111000. Take bits 3-6 (leftmost bit being 0, rightmost being 7) which would be 1100 in this instance, and convert to Decimal to get the required value of 12.
Now - if only my fortigates running 4.0 MR3 would actually accept the commands the manual says to use for configuring this I would be all set. My issue is, I type the following and receive no errors whatsoever:
config system tos-based-priority
edit 12
set tos 12
set priority high
next
end
However, if I view the configuration I just entered all I get is this:
config system tos-based-priority
edit 12
set tos 12
next
end
Likewise, if I try to do a config sys global and then set tos-base-priority medium, the commands are accepted but do not appear when showing the config. Anyone have any idea what gives with this? I' ve tried this on both FGT60B and FGT80C' s, both running 4.0MR3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I believe the default value is set to high, in which case the fortigate doesn' t display it unless you use the show full
# config system tos-based-priority
(tos-based-prio~i) # show
config system tos-based-priority
edit 12
set tos 12
next
end
(tos-based-prio~i) # show full-configuration
config system tos-based-priority
edit 12
set tos 12
set priority high
next
end
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0
(FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FGT config system global
FGT (global) $ show
config system global
set admin-server-cert " local_cert"
set admintimeout 60
set auth-cert " local_cert"
set dst enable
set gui-lines-per-page 32
set hostname " FGT"
set lcdpin ENC blah-blah-blah
set optimize antivirus
set refresh 5
set tcp-timewait-timer 120
set timezone 12
set tos-based-priority medium
set user-server-cert " local_cert"
set wireless-controller disable
end
FGT (global) $
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Dave, you nailed it. <rant> I think that' s kinda goofy - I sort of understand the logic of not showing default settings, but if you' ve modified the global tos-based-priority to something other than high, then high is no longer the default... anyway... </rant>
FYI, for the benefit of others reading this thread in the future, I' ve also discovered while working on this that the manual incorrectly supplies the troubleshooting command " diag sys tos-based-priority" . Again, <rant> instead of an error the command is simply accepted but nothing happens</rant>. The correct form is " diag sys tos-based-priority list" .
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Bob what model of FGT and what OS? On mine I had to use show full on the config sys global in order to see the change to medium default priority. FGT80C 4.0MR3
Related Posts
- Byte value in the IPV4 'Policy'... 1011 Views
- difference between the values appear in... 5654 Views
- ... 11787 Views
- ... 1864 Views
- ... 2726 Views
Labels
-
FortiGate
6,541 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
Customer Service
70 -
FortiToken
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiAuthenticator
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
SSL SSH inspection
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
Schedule
1 -
4.0MR1
1 -
SDN connector
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
FortiPAM
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
FortiManager-VM
1 -
Zone
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.