- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Traffic Shaping
Hello,
I have a problem with traffic shaping. I have a simple traffic shaping policy to limit the bandwidth when browsing some streaming websites and it's been working perfectly for a while. However, all those websites can't be accessed anymore, no changes were made in the policy. When I check the logs, it shows that those requests are UTM Allowed but the most of the times the received data is 0 kb and a "TCP reset from client" message. When I disable the traffic shaping policy everything goes back to normal. I'm not sure if I'm missing something or there's a flaw within my firewall ( FortiGate 400F, V7.0.12).
Any ideas or hints ?
Thank you in advance.
- Labels:
-
FortiGate
- « Previous
-
- 1
- 2
- Next »
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @BillH_FTNT,
I enabled the traffic shaping policy and run the commands show and then get.
Nothing seems off except for these two lines at the end of the get command output :
traffic-shaper :
traffic-shaper-reverse:
Normally they should show the shaper used in the policy, don't they ?
I'm not sure if this is some bug but traffic shaping was working until it stopped without any direct configuration in the policy.
Thank you,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
One more info I found in the traffic shaping policy is:
tos-mask : 0x00
what does it refer to exactly? could it be the reason ?
Thank you,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi @user_14 . I just sent you a private message. For tos-mask, "tos"is a type of service on IP packet header. This one is set when you have some defined the flows for traffic following DSCP/ToS to have different priorities on QoS. If it is a 0x00 value, it is the default value only.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please try "set tcp-mss-sender 1400" and "set tcp-mss-receiver 1400".
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Thanks
Kangming
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I have the same problem. It is on firmware 7.0.12-7.0.15 Have you found a solution to this problem?
- « Previous
-
- 1
- 2
- Next »