Hello,
I have a problem with traffic shaping. I have a simple traffic shaping policy to limit the bandwidth when browsing some streaming websites and it's been working perfectly for a while. However, all those websites can't be accessed anymore, no changes were made in the policy. When I check the logs, it shows that those requests are UTM Allowed but the most of the times the received data is 0 kb and a "TCP reset from client" message. When I disable the traffic shaping policy everything goes back to normal. I'm not sure if I'm missing something or there's a flaw within my firewall (FortiGate 400F, V7.0.12).
Any ideas or hints ?
Thank you in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi
Can you share your traffic shaping policy?
config firewall shaper traffic-shaper
edit "test_shaper"
set maximum-bandwidth 60
set bandwidth-unit mbps
set priority low
next
end
config firewall shaping-policy
edit 1
set name "TEST"
set status disable
set service "ALL"
set srcintf "port1"
set dstintf "port2"
set traffic-shaper "test_shaper"
set srcaddr "My_PC"
set dstaddr "all"
next
I also specified streaming websites in the application field (youtube and others)
Hi @user_14
Please share your network scenario.
- What is outgoing interface BW
- How much traffic did you configure Shaping ?
- What is your incoming throughput ?
Please share more information about configuration as AEK mentioned too.
Brs/Bill
Hi,
config firewall shaper traffic-shaper
edit "test_shaper"
set maximum-bandwidth 60
set bandwidth-unit mbps
set priority low
next
end
config firewall shaping-policy
edit 1
set name "TEST"
set status disable
set service "ALL"
set srcintf "port1"
set dstintf "port2"
set traffic-shaper "test_shaper"
set srcaddr "My_PC"
set dstaddr "all"
next
I also specified streaming websites in the application field (youtube and others),
the outogoing interface BW is about 500 Mbps
Hi user_14,
Thank you for the config. Looks like the traffic shaping policy is disabled. Could you confirm if the traffic is hitting the correct policy?
Regards,
Vimala
Created on 10-24-2023 12:45 AM Edited on 10-24-2023 12:46 AM
Hello, thank you for your time.
Yes it was disabled at that moment just for testing purposes. When I enable it and I apply the traffic shaper, the issue is reproduced again and I can't browse those streaming (i.e youtube) as explained above.
PS: in the logs it shows that it hits the traffic shaping policy
Thank you,
Hi @user_14
What is your FTG software/hardware version?
Can you share the log that traffic hit the Shapping QoS?
Brs/Bill
Hi @BillH_FTNT ,
the following is the related part of the logs:
Received Bytes 0 B
Received Packets 0
Sent Bytes 260 B
Sent Packets 5
Sent Shaper Bytes Dropped 0 B
Action Accept: session timeout
Policy ID PolicyID
Policy UUID PolicyUUID
Policy Type Firewall
Sent Shaper Name test_shaper
Thank you,
HI @user_14
I tested it in my lab; the shaping worked okay. So, to match with your firewall, please go under policy using the show and get command to get detailed configuration regarding the policy. Thanks
conf firewall policy
edit "xyz"
show
get
Brs/Bill
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.