Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
HS08
Contributor

Created on ‎08-24-2025 09:32 PM

Traffic Shapper Src and Dst IP

I was configure traffic shaper policy for limit internet speed from lan to the internet, the policy name is 'pc_to_internet'.

Policy 'pc_to_internet' is working normally and for source i use my LAN address.

Screenshot 2025-08-25 112633.png

But i have another shaper policy to limit speed from the ipsec vpn site to site (1st row).

When i set source using my LAN address (same with policy pc_to_internet) then i try to copy file from another site2 then the speed is not limited. But if i change the source to site2 address and destination to my LAN address then the speed is imited.

Anyone can help me to understand why src and dst is different to limit bandwidh to the internet and to the another site using vpn site2site?

Labels:
164
0 Kudos
8 REPLIES 8
AEK
SuperUser
SuperUser

Created on ‎08-25-2025 12:52 AM

When you set source=LAN and dest=Site2_Addr, do you set source_intf=Local_VLANs and dest_intf=Tunnel?

AEK
AEK
144
HS08
Contributor
In response to AEK

Created on ‎08-25-2025 01:02 AM

If you see below when i set src to LAN, dst to site2 address, src intf to my VLAN and dst intf to the sdwan then the policy is not work (the bandwidth is 2.17kbps)

Screenshot 2025-08-25 145628.png

Screenshot 2025-08-25 145646.png

 

If i reverse set src to site2 address, dst to LAN, src intf to sdwan and dst intf to my VLAN then the policy is work (the bandwidth is 151.38Mbps)

Screenshot 2025-08-25 145742.png

Screenshot 2025-08-25 145759.png

140
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎08-25-2025 01:15 AM

Can you share the shaper configuration?

AEK
AEK
133
0 Kudos
HS08
Contributor
In response to AEK

Created on ‎08-25-2025 01:21 AM

here my config

Screenshot 2025-08-25 152032.png

128
0 Kudos
AEK
SuperUser
SuperUser

Created on ‎08-25-2025 01:26 AM

Are you doing NAT for the traffic from LAN to the tunnel?

AEK
AEK
124
0 Kudos
HS08
Contributor
In response to AEK

Created on ‎08-25-2025 01:29 AM

no nat, see below

Screenshot 2025-08-25 152819.png

120
0 Kudos
AEK
SuperUser
SuperUser
In response to HS08

Created on ‎08-25-2025 02:06 AM

In the traffic shaper rule, can you try with outgoing interface "any" and see the result?

AEK
AEK
105
0 Kudos
HS08
Contributor
In response to AEK

Created on ‎08-25-2025 02:13 AM

it's not working

policy

Screenshot 2025-08-25 161140.png

result

Screenshot 2025-08-25 161155.png

101
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.