FortiGate
mauromarme
Staff
Article Id 296337
Description

This article describes which technique can be used to prioritize traffic as stated in the example below:

  • 100MB Bandwidth Available on the WAN Interface.
  • There are 2 User Types: Agents and Management.
  • The main goal is to prioritize the Management user's traffic over the Agent's traffic.
  • Agent users can utilize all the available bandwidth only if Management users are not utilizing all of it.
  • Management users can utilize all the available bandwidth.
Scope

Traffic Shaping, FortiOS, FortiGate, QoS.
Solution
  1. Create Traffic Shaping Profile.

Traffic Shaping Profile configuration includes creating Class IDs (Identifier that can be used to apply Traffic Shaping Policies) and assigning Guaranteed Bandwidth, Maximum Bandwidth, and Priority per Class ID.


In this example, 2 Class IDs need to be created: one to identify the traffic of Agent users and one to identify the traffic of Management users.

 

[Figure: Traffic Shaping Profile]

 

The Class ID called CEO identifies Management users' traffic, and the Class ID called Agent identifies Agent users' traffic.

Guaranteed Bandwidth means that traffic tagged with this Class ID will ALWAYS have that percentage of the interface's total bandwidth available to it.

Maximum Bandwidth means that traffic tagged with this Class ID can use up to that percentage of the total bandwidth configured on the interface.


Priority is how the traffic would be prioritized by FortiGate (Top, Critical, High, Medium, Low).

Class ID CEO Configurations:

Guaranteed Bandwidth: 99%.
Maximum Bandwidth: 100%.

Priority: Top.
Default

Class ID AGENT Configurations:
Guaranteed Bandwidth: 1%.
Maximum Bandwidth: 100%.
Priority: Low

 

  2. Create a Traffic Shaping Policy.

The Traffic Shaping Policy determines which traffic is tagged with a Class ID.
It is necessary to configure the Source, Destination, Destination Interface, and Action. The action can be either Apply a Traffic Shaper or Assign a Shaping Class ID; in this case, the action is Assign a Shaping Class ID.

 

Traffic Shaping Policies work similarly to Firewall Policies: traffic is matched from top to bottom.

 

[Figure: Traffic Shaping Policy 1]

 

[Figure: Traffic Shaping Policy 2]

 

The primary goal in this scenario is to prioritize traffic based on Class ID. To achieve this, Traffic Shaping Policies are essential as they enable the assignment of a Class ID to specific traffic. Since there are two distinct Class IDs, the creation of two Traffic Shaping Policies is necessary, each dedicated to assigning a unique Class ID.

 

  3. Configure the WAN Interface.

Following the setup of Traffic Shaping Policies and Traffic Shaping Profiles, the subsequent task involves configuring the WAN interface. It is essential to establish the Inbound Bandwidth and specify the Ingress Traffic Shaping Profile. Additionally, there is the option to configure the Egress Traffic Shaping Profile and set the Outbound Bandwidth, with the specifics contingent on the particular traffic flow.
For user downloads, the traffic would be 'Inbound Traffic' and for user uploads, the traffic would be 'Outbound Traffic'.

In this example, the configurations would apply for Inbound Traffic but the commands for Outbound Traffic can also be found below.
This can be done using CLI.

 

config system interface
    edit "port1" <----- The WAN Interface.
        set inbandwidth 100000 <----- Specify the inbound bandwidth for the interface in kbps. The percentage configured on the Class ID will be calculated based on this value.
        set outbandwidth <----- Specify the outbound bandwidth for the interface in kbps. The percentage configured on the Class ID will be calculated based on this value.
        set ingress-shaping-profile TEST <----- Name of the Shaping Profile created in the First Step.
        set egress-shaping-profile <----- Name of the Shaping Profile created in the First Step.
    next
end

 

With this configuration, Management user traffic will be prioritized over Agent user traffic.

It is possible to verify this by downloading a file on an Agent Machine. It will utilize all available bandwidth.

However, when a download is initiated on a Management User Machine, the download speed on the Agent Machine will decrease to 1%, while the Management User Machine will start utilizing all available bandwidth.

The Agent Machine will start using all the bandwidth again once the download on the Management User Machine has finished or has been canceled.
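
The behaviour described above can be reproduced with a small model. This is an added example, not Fortinet code: the two-pass allocation (guarantees first, then leftover bandwidth in priority order) is an assumption chosen to match the results the article describes, not the FortiOS scheduler itself, and the function and class names are hypothetical.

```python
from dataclasses import dataclass

PRIORITY_ORDER = ["top", "critical", "high", "medium", "low"]

@dataclass
class ShapingClass:
    name: str
    guaranteed_pct: int
    maximum_pct: int
    priority: str

# Percentages and priorities as configured in the article's shaping profile.
PROFILE = [
    ShapingClass("CEO", 99, 100, "top"),
    ShapingClass("AGENT", 1, 100, "low"),
]

def validate(profile):
    """Reject profiles that promise more bandwidth than the interface has."""
    if sum(c.guaranteed_pct for c in profile) > 100:
        raise ValueError("guaranteed bandwidth totals more than 100%")
    for c in profile:
        if c.guaranteed_pct > c.maximum_pct:
            raise ValueError(f"{c.name}: guaranteed exceeds maximum")

def allocate(profile, bandwidth_kbps, demand_kbps):
    """Return the kbps granted to each class for the given per-class demand."""
    validate(profile)
    grant = {}
    # Pass 1 (assumed model): each class gets its guarantee, capped by demand.
    for c in profile:
        guaranteed = bandwidth_kbps * c.guaranteed_pct // 100
        grant[c.name] = min(demand_kbps.get(c.name, 0), guaranteed)
    leftover = bandwidth_kbps - sum(grant.values())
    # Pass 2 (assumed model): leftover goes out in priority order, up to maximum.
    for c in sorted(profile, key=lambda c: PRIORITY_ORDER.index(c.priority)):
        ceiling = min(demand_kbps.get(c.name, 0),
                      bandwidth_kbps * c.maximum_pct // 100)
        extra = min(leftover, ceiling - grant[c.name])
        grant[c.name] += extra
        leftover -= extra
    return grant

if __name__ == "__main__":
    link = 100000  # inbandwidth from the article, in kbps
    print(allocate(PROFILE, link, {"AGENT": link}))                # Agent alone
    print(allocate(PROFILE, link, {"AGENT": link, "CEO": link}))   # both saturating
    print(allocate(PROFILE, link, {"AGENT": link, "CEO": 40000}))  # CEO partly idle
```

The third case shows the point of setting Maximum Bandwidth to 100% on the AGENT class: whatever the Management users leave unused is handed to Agents instead of being wasted.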