Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
austinmad
New Contributor II

Traffic shaping policy information

Hi guys,


I am trying to create a traffic shaping policy for particular traffic but need some help please.

if I want to create a policy for dscp af31, what values should I use for "tos tos_value" and "tos-mask mask_value" in the Fortigate?  Could someone please help me understand this so  I can create them for the other dscp values mentioned below ?

 

 

match ip dscp ef
match ip dscp af31
match ip dscp ef
match ip dscp af11
match ip dscp cs6
match ip dscp af21
match ip dscp af41
match ip dscp af43
match ip dscp af11
match ip dscp af31
match ip dscp af41
match ip dscp cs6

3 REPLIES 3
Toshi_Esumi
SuperUser
SuperUser

TOS matching with FW policies and shaping policies was introduced with 6.2. At that time I tested how to configure those "set tos 0xXX" and "set tos-mask 0xYY" in the policies.
https://docs.fortinet.com/document/fortigate/6.4.5/administration-guide/813032/dscp-matching-shaping

They call it TOS because it handles the entire 8 bits, called TOS field, regarless if you use "tos" or "dscp".
https://en.wikipedia.org/wiki/Type_of_service

In the nutshell, the bit calculation works like below. In bellow formula 'B' means binary values. Below is showing DSCP 'EF' only but you can plug any other values. Just keep it mind DSCP occupies the top 6 bits only. So tos-mask is almost always '0xfc'.

DSCP EF(101110B) = ToS byte 10111000B = 0xb8  -> "set tos 0xb8"
                   Mask     11111100B = 0xfc  -> "set tos-mask 0xfc"


Toshi

austinmad

Hi,

thanks for the reply.

I read through the document and understand that if I am doing just "dscp matching" then I  only need to create "firewall shaping policies" with the relevant tos and tos-mask values.  And I dont have to make any changes to the firewall policies.  

Could you please confirm that my understanding about this is correct.

 

thanks.

 

Toshi_Esumi

Yes. My understanding is the same as yours.

 

Toshi

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors