I am trying to create a traffic shaping policy for particular traffic but need some help please.
if I want to create a policy for dscp af31, what values should I use for "tos tos_value" and "tos-mask mask_value" in the Fortigate? Could someone please help me understand this so I can create them for the other dscp values mentioned below ?
match ip dscp ef match ip dscp af31 match ip dscp ef match ip dscp af11 match ip dscp cs6 match ip dscp af21 match ip dscp af41 match ip dscp af43 match ip dscp af11 match ip dscp af31 match ip dscp af41 match ip dscp cs6
In the nutshell, the bit calculation works like below. In bellow formula 'B' means binary values. Below is showing DSCP 'EF' only but you can plug any other values. Just keep it mind DSCP occupies the top 6 bits only. So tos-mask is almost always '0xfc'.
DSCP EF(101110B) = ToS byte 10111000B = 0xb8 -> "set tos 0xb8"
Mask 11111100B = 0xfc -> "set tos-mask 0xfc"
I read through the document and understand that if I am doing just "dscp matching" then I only need to create "firewall shaping policies" with the relevant tos and tos-mask values. And I dont have to make any changes to the firewall policies.
Could you please confirm that my understanding about this is correct.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.