Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lk777
New Contributor

Traffic Shaping matching ToS and DSCP matching/marking question

FortiWiFi v7.2.4

 

I have tried DSCP marking via Traffic Shaper and Traffic Shaping policy and I see that DSCP marking works.

Does ToS matching work only with Firewall policies?

 

In this article instructions apply to firewall policies.

If I do not use matching/marking in those policies do I need to use it in traffic shaping polices?

Or shapers/shaping policies only use DSCP marking if it is enabled and there are no any matching settings?

 

Is there any correlation between Traffic Shaper's "Traffic priority" and DSCP if DSCP marking is not enabled? I see all packet headers have 'DSCP : CS0' when DSCP is not set explicitly.

 

Thanks.

 

 

 

5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Hello ,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager
Community Manager

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
gfleming
Staff
Staff

I'm really sorry but it's not clear what your issue is or what you are trying to do.

 

Lots of good info on Traffic Shaping here:

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/673634/traffic-shaping-polic...

 

 

Cheers,
Graham
austinmad
New Contributor II

Hi Graham,

Could you please help me understand how to choose the right values for "tos tos_value" and "tos-mask mask_value"  in the traffic shaping policy?

if the dscp is af31, what would be those values?

 

thanks

 

gfleming

Here's a good table that shows the TOS equivalents and the hex values:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Traffic-Shaping-methods-and-DSCP-ToS-Value...

 

For example if you want to match all Critical - Voice Data (DSCP 40 and 46) the bit values for those are:

 

00101110

00101000

 

So you want a tos-mask that matches the "00101" bits (or in other words the first 5 bit positions) as those bits are unique for DSCP 40 and 46. So your tos-mask would be 11111000. Which in hex is 0xF8.

 

Next you want to specify the actual bit pattern you want to match which is: 00101XXX so that would be 00101000 in hex 0x28.

 

 

Cheers,
Graham
Top Kudoed Authors