Interface-based traffic shaping with NP acceleration
Interface-based traffic shaping with NP acceleration is supported on some devices.
An administrator configures the WAN interface's maximum outbound bandwidth and, based on that, creates a traffic shaping profile with a percentage based shaper. This allows for proper QoS and traffic shaping. VLAN interfaces are not supported.
This feature is supported on FortiGate 600E, 500E, 400E, and 300E models. |
To configure interface-based traffic shaping:
-
Enable NPU offloading when doing interface-based traffic shaping according to the egress-shaping-profile:
config system npu set intf-shaping-offload enable end
-
Configure shaping profiles:
config firewall shaping-profile edit "sdwan" set default-class-id 4 config shaping-entries edit 1 set class-id 4 set guaranteed-bandwidth-percentage 3 set maximum-bandwidth-percentage 5 next edit 2 set class-id 3 set priority medium set guaranteed-bandwidth-percentage 50 set maximum-bandwidth-percentage 100 next edit 3 set class-id 2 set priority low set guaranteed-bandwidth-percentage 1 set maximum-bandwidth-percentage 5 next end next end
The class number is limited to 16.
-
Configure a traffic shaper and shaping policy:
config firewall shaper traffic-shaper edit "Transactional" set priority medium next end
config firewall shaping-policy edit 1 set service "ALL" set dstintf "any" set traffic-shaper "Transactional" set class-id 3 set srcaddr "all" set dstaddr "all" next end
-
Apply the egress shaping profile on the interface:
config system interface edit "port2" set vdom "root" set ip 10.1.100.23 255.255.255.0 set allowaccess ping set type physical set outbandwidth 500 set egress-shaping-profile "sdwan" set snmp-index 4 next end
-
Configure a firewall policy:
config firewall policy edit 3 set srcintf "port2" set dstintf "port1" set srcaddr "all" set dstaddr "all" set action accept set schedule "always" set service "ALL" set logtraffic all set nat enable next end