SD-WAN traffic shaping and QoS

Use a traffic shaper in a firewall shaping policy to control traffic flow. You can use it to control maximum and guaranteed bandwidth, or put certain traffic to one of the three different traffic priorities: high, medium, or low.

An advanced shaping policy can classify traffic into 30 groups. Use a shaping profile to define the percentage of the interface bandwidth that is allocated to each group. Each group of traffic is shaped to the assigned speed limit based on the outgoing bandwidth limit configured on the interface.

For more information, see Traffic shaping.

Sample topology

Sample configuration

This example shows a typical customer usage where the customer's SD-WAN uses the default zone, and has two member: wan1 and wan2, each set to 10Mb/s.

An overview of the procedures to configure SD-WAN traffic shaping and QoS with SD-WAN includes:

  1. Give HTTP/HTTPS traffic high priority and give FTP low priority so that if there are conflicts, FortiGate will forward HTTP/HTTPS traffic first.
  2. Even though FTP has low priority, configure FortiGate to give it a 1Mb/s guaranteed bandwidth on each SD-WAN member so that if there is no FTP traffic, other traffic can use all the bandwidth. If there is heavy FTP traffic, it can still be guaranteed a 1Mb/s bandwidth.
  3. Traffic going to specific destinations such as a VOIP server uses wan1 to forward, and SD-WAN forwards with an Expedited Forwarding (EF) DSCP tag 101110.
To configure SD-WAN traffic shaping and QoS with SD-WAN in the GUI:
  1. On the FortiGate, add wan1 and wan2 as SD-WAN members, then add a policy and static route.

    See SD-WAN quick start.

  2. Add a firewall policy with Application Control enabled. See Configuring firewall policies for SD-WAN.
  3. Go to Policy & Objects > Traffic Shaping, select the Traffic Shapers tab, and edit low-priority.
    1. Enable Guaranteed Bandwidth and set it to 1000 kbps.
  4. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Policies tab, and click Create New.
    1. Name the traffic shaping policy, for example, HTTP-HTTPS.
    2. Set the following:

      Source

      all

      Destination

      all

      Service

      HTTP and HTTPS

      Outgoing interface