Hey guys,
I am trying to shape traffic on a VLAN. Whilst going through the motions of doing this, I find the following statement in the documentation:
Policy-based traffic shaping does not use queues directly. It shapes the traffic and if the packet is allowed by the security policy, then a priority is assigned. That priority controls what queue the packet will be put in upon egress. VLANs, VDOMs, aggregate ports and other virtual devices do not have queues and as such, traffic is sent directly to the underlying physical device where it is queued and affected by the physical ports. This is also the case with IPsec connections.
I am not sure what to make of this...
Some questions that come to mind following this:
1. Is it possible to shape traffic VLAN tagged traffic? I have a virtual interface under my internal interface that is guest WiFi. As you would imagine, I really want to limit the bandwidth consumed.
2. If it is possible, how does it differ from setting up shaping for a regular interface (i.e.: Internal).
I really appreciate any input/assistance with this.
Thanks!
Hi alpha202ej, Here is what you are looking for: http://help.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/about_ts.165.3.html. I have this configured on all of my virtual interfaces in my LAG. By setting your shaping at the interface level, you bypass the overhead of prior processing in web filtering, decryption or IPS scanning that you would be doing if it were configured at the policy level. config system interface edit <interface_name> set inbandwidth <rate_int> set outbandwidth <rate_int> next end
FortiOSman,
Up, Up, and Away!
User | Count |
---|---|
2677 | |
1412 | |
810 | |
703 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.