Interface-based traffic shaping with NP acceleration
Interface-based traffic shaping with NP acceleration is supported on some devices.
An administrator configures the WAN interface's maximum outbound bandwidth and, based on that, creates a traffic shaping profile with a percentage based shaper. This allows for proper QoS and traffic shaping. VLAN interfaces are not supported.
This feature is supported on FortiGate 600E, 500E, 400E, and 300E models.
To configure interface-based traffic shaping:
- Enable NPU offloading when doing interface-based traffic shaping according to the egress-shaping-profile:
config system npu set intf-shaping-offload enable end - Configure shaping profiles:
config firewall shaping-profile edit "sdwan" set default-class-id 4 config shaping-entries edit 1 set class-id 4 set guaranteed-bandwidth-percentage 3 set maximum-bandwidth-percentage 5 next edit 2 set class-id 3 set priority medium set guaranteed-bandwidth-percentage 50 set maximum-bandwidth-percentage 100 next edit 3 set class-id 2 set priority low set guaranteed-bandwidth-percentage 1 set maximum-bandwidth-percentage 5 next end next endThe class number is limited to 16.
- Configure a traffic shaper and shaping policy:
config firewall shaper traffic-shaper edit "Transactional" set priority medium next endconfig firewall shaping-policy edit 1 set service "ALL" set dstintf "any" set traffic-shaper "Transactional" set class-id 3 set srcaddr "all" set dstaddr "all" next end - Apply the egress shaping profile on the interface:
config system interface edit "port2" set vdom "root" set ip 10.1.100.23 255.255.255.0 set allowaccess ping set type physical set outbandwidth 500 set egress-shaping-profile "sdwan" set snmp-index 4 next end - Configure a firewall policy:
config firewall policy edit 3 set srcintf "port2" set dstintf "port1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set nat enable next end