Hello,
I have a problem with traffic shaping. I have a simple traffic shaping policy to limit the bandwidth when browsing some streaming websites, and it's been working perfectly for a while. However, all those websites can't be accessed anymore, and no changes were made in the policy. When I check the logs, it shows that those requests are UTM Allowed, but most of the time the received data is 0 kb with a "TCP reset from client" message. When I disable the traffic shaping policy, everything goes back to normal. I'm not sure if I'm missing something or there's a flaw within my firewall (FortiGate 400F, V7.0.12).
Any ideas or hints?
Thank you in advance.
Hi @BillH_FTNT,
I enabled the traffic shaping policy and ran the commands show and then get.
Nothing seems off except for these two lines at the end of the get command output:
traffic-shaper :
traffic-shaper-reverse:
Normally they should show the shaper used in the policy, shouldn't they?
I'm not sure if this is some bug but traffic shaping was working until it stopped without any direct configuration in the policy.
Thank you,
One more piece of information I found in the traffic shaping policy is:
tos-mask : 0x00
What does it refer to exactly? Could it be the reason?
Thank you,
Hi @user_14. I just sent you a private message. For tos-mask, "tos" is the type of service in the IP packet header. This one is set when you have defined flows for traffic following DSCP/ToS to have different priorities on QoS. If it is a 0x00 value, it is the default value only.
Please try "set tcp-mss-sender 1400" and "set tcp-mss-receiver 1400".
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Setting-TCP-MSS-value/ta-p/194518
Thanks
Kangming
Hi, I have the same problem. It is on firmware 7.0.12-7.0.15. Have you found a solution to this problem?