- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Traffic Shaping
Hello,
I have a problem with traffic shaping. I have a simple traffic shaping policy to limit the bandwidth when browsing some streaming websites and it's been working perfectly for a while. However, all those websites can't be accessed anymore, no changes were made in the policy. When I check the logs, it shows that those requests are UTM Allowed but the most of the times the received data is 0 kb and a "TCP reset from client" message. When I disable the traffic shaping policy everything goes back to normal. I'm not sure if I'm missing something or there's a flaw within my firewall ( FortiGate 400F, V7.0.12).
Any ideas or hints ?
Thank you in advance.
- Labels:
-
FortiGate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
Can you share your traffic shaping policy?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
config firewall shaper traffic-shaper
edit "test_shaper"
set maximum-bandwidth 60
set bandwidth-unit mbps
set priority low
next
end
config firewall shaping-policy
edit 1
set name "TEST"
set status disable
set service "ALL"
set srcintf "port1"
set dstintf "port2"
set traffic-shaper "test_shaper"
set srcaddr "My_PC"
set dstaddr "all"
next
I also specified streaming websites in the application field (youtube and others)
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @user_14
Please share your network scenario.
- What is outgoing interface BW
- How much traffic did you configure Shaping ?
- What is your incoming throughput ?
Please share more information about configuration as AEK mentioned too.
Brs/Bill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
config firewall shaper traffic-shaper
edit "test_shaper"
set maximum-bandwidth 60
set bandwidth-unit mbps
set priority low
next
end
config firewall shaping-policy
edit 1
set name "TEST"
set status disable
set service "ALL"
set srcintf "port1"
set dstintf "port2"
set traffic-shaper "test_shaper"
set srcaddr "My_PC"
set dstaddr "all"
next
I also specified streaming websites in the application field (youtube and others),
the outogoing interface BW is about 500 Mbps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi user_14,
Thank you for the config. Looks like the traffic shaping policy is disabled. Could you confirm if the traffic is hitting the correct policy?
Regards,
Vimala
Created on 10-24-2023 12:45 AM Edited on 10-24-2023 12:46 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, thank you for your time.
Yes it was disabled at that moment just for testing purposes. When I enable it and I apply the traffic shaper, the issue is reproduced again and I can't browse those streaming (i.e youtube) as explained above.
PS: in the logs it shows that it hits the traffic shaping policy
Thank you,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @user_14
What is your FTG software/hardware version?
Can you share the log that traffic hit the Shapping QoS?
Brs/Bill
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @BillH_FTNT ,
the following is the related part of the logs:
Received Bytes 0 B
Received Packets 0
Sent Bytes 260 B
Sent Packets 5
Sent Shaper Bytes Dropped 0 B
Action Accept: session timeout
Policy ID PolicyID
Policy UUID PolicyUUID
Policy Type Firewall
Sent Shaper Name test_shaper
Thank you,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HI @user_14
I tested it in my lab; the shaping worked okay. So, to match with your firewall, please go under policy using the show and get command to get detailed configuration regarding the policy. Thanks
conf firewall policy
edit "xyz"
show
get
Brs/Bill