Created on 01-29-2024 10:08 PM Edited on 02-05-2024 07:38 AM By Stephen_G
Description |
This article describes which technique can be used to prioritize traffic as stated in the example below:
|
Scope | Traffic Shaping, FortiOS, FortiGate, QoS. |
Solution |
Traffic Shaping Profile configuration includes creating Class IDs (Identifier that can be used to apply Traffic Shaping Policies) and assigning Guaranteed Bandwidth, Maximum Bandwidth, and Priority per Class ID.
Class ID called CEO, would identify Management Users traffic, and the Class ID Called Agent, would identify Agent Users Traffic.
Guaranteed Bandwidth: 99%. Priority: Top. Class ID AGENT Configurations:
The Traffic Shaping Policy would determine the traffic that is going to be tagged with a Class ID.
Traffic Shaping Policies work similarly to the Firewall Policies and the traffic is matched from top to down.
The primary goal in this scenario is to prioritize traffic based on Class ID. To achieve this, Traffic Shaping Policies are essential as they enable the assignment of a Class ID to specific traffic. Since there are two distinct Class IDs, the creation of two Traffic Shaping Policies is necessary, each dedicated to assigning a unique Class ID.
Following the setup of Traffic Shaping Policies and Traffic Shaping Profiles, the subsequent task involves configuring the WAN interface. It is essential to establish the Inbound Bandwidth and specify the Ingress Traffic Shaping Profile. Additionally, there is the option to configure the Egress Traffic Shaping Profile and set the Outbound Bandwidth, with the specifics contingent on the particular traffic flow.
config system interface edit "port1" <----- The WAN Interface. set ingress-shaping-profile TEST <----- Name of the Shaping Profile created in the First Step. set egress-shaping-profile <----- Name of the Shaping Profile created in the First Step.
With this configuration, traffic between Agent Users and Management Users will be prioritized. It is possible to verify this by downloading a file on an Agent Machine. It will utilize all available bandwidth. However, when a download is initiated on a Management User Machine, the download speed on the Agent Machine will decrease to 1%, while the Management User Machine will start utilizing all available bandwidth. Agent Machine would start using all the BW again after the Download on Management User Machine has ended or if it is canceled. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.