Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
user_14
New Contributor

Traffic Shaping

Hello, 

I have a problem with traffic shaping. I have a simple traffic shaping policy to limit the bandwidth when browsing some streaming websites and it's been working perfectly for a while. However, all those websites can't be accessed anymore, no changes were made in the policy. When I check the logs, it shows that those requests are UTM Allowed but the most of the times the received data is 0 kb and a "TCP reset from client" message. When I disable the traffic shaping policy everything goes back to normal. I'm not sure if I'm missing something or there's a flaw within my firewall (FortiGate 400F, V7.0.12).

Any ideas or hints ? 

Thank you in advance.

 

13 REPLIES 13
AEK
Honored Contributor

Hi

Can you share your traffic shaping policy?

AEK
AEK
user_14
New Contributor

config firewall shaper traffic-shaper
edit "test_shaper"
set maximum-bandwidth 60
set bandwidth-unit mbps
set priority low
next
end


config firewall shaping-policy
edit 1
set name "TEST"
set status disable
set service "ALL"
set srcintf "port1"
set dstintf "port2"
set traffic-shaper "test_shaper"
set srcaddr "My_PC"
set dstaddr "all"
next

 

I also specified streaming websites in the application field (youtube and others)

BillH_FTNT
Staff
Staff

Hi @user_14 

Please share your network scenario. 

- What is outgoing interface BW 

- How much traffic did you configure Shaping ?

- What is your incoming throughput ? 

Please share more information about configuration as AEK mentioned too. 

 

Brs/Bill

user_14

Hi, 
config firewall shaper traffic-shaper
edit "test_shaper"
set maximum-bandwidth 60
set bandwidth-unit mbps
set priority low
next
end


config firewall shaping-policy
edit 1
set name "TEST"
set status disable
set service "ALL"
set srcintf "port1"
set dstintf "port2"
set traffic-shaper "test_shaper"
set srcaddr "My_PC"
set dstaddr "all"
next

 

I also specified streaming websites in the application field (youtube and others),

the outogoing interface BW is about 500 Mbps

kvimaladevi

Hi user_14,

 

Thank you for the config. Looks like the traffic shaping policy is disabled. Could you confirm if the traffic is hitting the correct policy?

 

Regards,

Vimala

 

user_14

Hello, thank you for your time. 

Yes it was disabled at that moment just for testing purposes. When I enable it and I apply the traffic shaper, the issue is reproduced again and I can't browse those streaming (i.e youtube) as explained above. 

PS: in the logs it shows that it hits the traffic shaping policy

Thank you,

BillH_FTNT

Hi @user_14 

What is your FTG software/hardware version?
Can you share the log that traffic hit the Shapping QoS?
Brs/Bill

user_14

Hi @BillH_FTNT ,

the following is the related part of the logs: 

Received Bytes 0 B
Received Packets 0
Sent Bytes 260 B
Sent Packets 5
Sent Shaper Bytes Dropped 0 B

Action Accept: session timeout
Policy ID PolicyID
Policy UUID PolicyUUID
Policy Type Firewall
Sent Shaper Name test_shaper

 

Thank you,

BillH_FTNT

HI @user_14 

I tested it in my lab; the shaping worked okay. So, to match with your firewall, please go under policy using the show and get command to get detailed configuration regarding the policy. Thanks

 

conf firewall policy
edit "xyz"

show
get

 

Brs/Bill

Top Kudoed Authors