Created on 11-02-2016 06:49 PM Edited on 01-30-2024 02:25 AM By Kate_M
Description
We will demonstrate how to enable traffic shaping to control YouTube application.
Solution
1. In version 5.4.X there are different ways to apply a shaper to the traffic.
2. In addition to the use of traffic shapping policy you can enable a traffic shaper at the application control profile level in this way the users that matches the App control profile will be affected by the shaper.
3. For this method We will proceed as follow:
4. You need to configure a firewall rule to allow the traffic through the Fortigate and in addition enable an application control profile on it.
5. using the GUI interface place the rule in the proper order. This allows to match the right policy.
6. Try to visit the web site www.youtube.com , and take a look at the logs collected.
7. Using the debug flow tool you can get detailed information about the session, take a look at the fields corresponding to the shaper name and the application ID
for additional information:
http://kb.fortinet.com/kb/documentLink.do?externalID=FD33882
8. Now We are going to create a traffic shaper, for the following steps you can use the GUI or the CLI, for the CLI will be as follow:
9. Now you can apply the shaper to the Application profile, edit the application profile previously created and add the following configuration
config application list
10. Try to watch some YouTube videos and then run the following command to evaluate the results .
11. You can also take a look at the sessions through debug flow tool.
session info: proto=6 proto_state=01 duration=5 expire=3594 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
12. this approach will give you the advantage to use the same application control profile in different firewall rules
Related Articles
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.