Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rajamanickam
Contributor

Traffic Shaping monitoring discrepancy between GUI and CLI

Hi,

 

  I am running a traffic shaper for SMB traffic so that to control the file transfer rate. Link capacity is 300Mbps. I have given guaranteed bandwidth of 40Mbps and maximum bandwidth of 100Mbps. 

I am monitoring under Fortiview traffic shaping view where I could see around 1.76Mbps of current bandwidth. But at the same time, when I issued CLI command "debug firewall shaper traffic-shaping list" I could see that current bandwidth of this shaping policy is 0kB/sec. I am not understanding why there is discrepancy of this value between GUI and CLI or Whether am I missing anything?

 

 

Regards

Raja

8 REPLIES 8
Anonymous
Not applicable

Hello rajamanickam, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Fortinet Community Team 

Anthony_E
Community Manager
Community Manager

Hi rajamanickam,

 

I have found this document:

 

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/173541/troubleshooting-traffic-shaping

 

Could you please tell me if it is helping you?

 

Regards,

Anthony-Fortinet Community Team.
rajamanickam

Thanks for your reply Anthony.. This link gives commands to verify the shaper information. Issue I could see is, discrepancy between the Traffic shaping monitor in GUI vs diagnose firewall shaper traffic-shaping list command. In GUI current bandwidth against the traffic shaper is showing as 3.7Mbps but in CLI it is showing as 0kB/sec.. Hence I doubt whether traffic shapping is happening or not.

Anthony_E
Community Manager
Community Manager

Hello rajamanickam,

 

Oh ok!

I will then find somebody to reply to you concerning this specific issue.

 

Regards

Anthony-Fortinet Community Team.
Toshi_Esumi
Esteemed Contributor III

By the way, I'm not sure how it's measuring matching traffic for what duration when it shows the numbers in Fortiview GUI. But I remember I had to disable auto-asic-offload on those policies (not shaping-policies) to see any numbers in "diagnose firewall shaper traffic-shaper list". And kept hitting command again and again to catch the moment the congestion/dropping was happening.

 

Did you do that, Raja?

 

Toshi

Debbie_FTNT
Staff
Staff

Hey Raja,

in FortiView, are you looking at 'Now' information or historic traffic-shaping information?
If the 'Now' tab, FortiGate should pull the information from the session table, I believe. If you're looking at historic bandwidth information, that information should come from logs; in that case it is also relevant to know what firmware version your FortiGate is on.

 

Regarding CLI command not showing anything when offloading is enabled, as Toshi mentioned, that could indeed be a reason.

+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
rajamanickam

Hi Debbie,

 

  I understand there is no history option in traffic-shaping. Fortigate is currently on 6.4.7

 

Whether disabling auto-asic-offload in policy will cause any impact??

 

Regards

Raja

Toshi_Esumi
Esteemed Contributor III

It shouldn't. It just doesn't utilize NPU and handle everything with CPU. Only impact is it might slow down the processing speed under heavy traffic situations. So only disable it when you need to test, and enable it back once it's done.

 

By the way, as Debbie explained those GUI and CLI use different way of traffic measurement. So the results are always different inevitably. But to me the CLI measurement is closer, if not the closest, to general means of "bps(bit-per-second)" as you would expect with any other router's measurement like Cisco, Juniper, etc.

 

Toshi

Top Kudoed Authors