Administration Guide

Interface-based traffic shaping with NP acceleration

Interface-based traffic shaping with NP acceleration is supported on some devices.

An administrator configures the WAN interface's maximum outbound bandwidth and, based on that value, creates a traffic shaping profile with a percentage-based shaper. This allows for proper QoS and traffic shaping. VLAN interfaces are not supported.

Note

This feature is supported on FortiGate 600E, 500E, and 300E models.

To configure interface-based traffic shaping:
  1. Enable NPU offloading for interface-based traffic shaping that follows the egress-shaping-profile:
    config system npu
        set intf-shaping-offload enable
    end
  2. Configure shaping profiles:
    config firewall shaping-profile
        edit "sdwan"
            set default-class-id 4
            config shaping-entries
                edit 1
                    set class-id 4
                    set guaranteed-bandwidth-percentage 3
                    set maximum-bandwidth-percentage 5
                next
                edit 2
                    set class-id 3
                    set priority medium
                    set guaranteed-bandwidth-percentage 50
                    set maximum-bandwidth-percentage 100
                next
                edit 3
                    set class-id 2
                    set priority low
                    set guaranteed-bandwidth-percentage 1
                    set maximum-bandwidth-percentage 5
                next
            end
        next
    end

    The class number is limited to 16.

  3. Configure a traffic shaper and shaping policy:
    config firewall shaper traffic-shaper
        edit "Transactional"
            set priority medium
        next
    end
    
    config firewall shaping-policy
        edit 1
            set service "ALL"
            set dstintf "any"
            set traffic-shaper "Transactional"
            set class-id 3
            set srcaddr "all"
            set dstaddr "all"
        next
    end
  4. Apply the egress shaping profile on the interface:
    config system interface
        edit "port2"
            set vdom "root"
            set ip 10.1.100.23 255.255.255.0
            set allowaccess ping
            set type physical
            set outbandwidth 500
            set egress-shaping-profile "sdwan"
            set snmp-index 4
        next
    end
  5. Configure a firewall policy:
    config firewall policy
        edit 3
            set srcintf "port2"
            set dstintf "port1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set logtraffic all
            set nat enable
        next
    end
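
The following is an added example, not Fortinet's code: a pre-deployment check that parses the "sdwan" shaping profile from step 2, converts each class's percentages into absolute rates from the interface's `outbandwidth`, and flags inconsistencies between the profile and the shaping policy. The function name `audit`, the reading of the class limit as "at most 16 classes", and the two sanity rules (guaranteed percentages total at most 100, guaranteed not above maximum) are assumptions of this example.

```python
import re

# Constructed sample: the "sdwan" shaping profile from step 2 (priority lines omitted).
PROFILE = """
config firewall shaping-profile
    edit "sdwan"
        set default-class-id 4
        config shaping-entries
            edit 1
                set class-id 4
                set guaranteed-bandwidth-percentage 3
                set maximum-bandwidth-percentage 5
            next
            edit 2
                set class-id 3
                set guaranteed-bandwidth-percentage 50
                set maximum-bandwidth-percentage 100
            next
            edit 3
                set class-id 2
                set guaranteed-bandwidth-percentage 1
                set maximum-bandwidth-percentage 5
            next
        end
    next
end
"""

def audit(text, outbandwidth, policy_class_ids):
    """Return ({class_id: (guaranteed, maximum)} in outbandwidth units, [issues])."""
    default = int(re.search(r"set default-class-id (\d+)", text).group(1))
    pct = {}
    for entry in re.findall(r"edit \d+\n(.*?)\n\s*next", text, re.S):
        kv = dict(re.findall(r"set (\S+) (\S+)", entry))
        pct[int(kv["class-id"])] = (int(kv["guaranteed-bandwidth-percentage"]),
                                    int(kv["maximum-bandwidth-percentage"]))
    issues = []
    if len(pct) > 16:  # page: "The class number is limited to 16"
        issues.append("more than 16 classes")
    if default not in pct:
        issues.append(f"default-class-id {default} has no shaping entry")
    if sum(g for g, _ in pct.values()) > 100:  # assumed sanity rule
        issues.append("guaranteed percentages exceed 100")
    issues += [f"class {c}: guaranteed > maximum" for c, (g, m) in pct.items() if g > m]
    issues += [f"shaping-policy class-id {c} not in profile" for c in policy_class_ids if c not in pct]
    rates = {c: (outbandwidth * g / 100, outbandwidth * m / 100) for c, (g, m) in pct.items()}
    return rates, issues
```

Calling `audit(PROFILE, 500, [3])` uses the `outbandwidth` value from step 4 and the `class-id` that the shaping policy in step 3 assigns; the returned rates are in the same unit as `outbandwidth`.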
