Fortinet white logo
Fortinet white logo

Administration Guide

Traffic shaping profile

Traffic shaping profile

A traffic shaping profile allows traffic shaping to be configured Up to 30 classes can be defined, with prioritization and bandwidth limits configured for each class.

Configuring traffic shaping profiles

The main steps to configure traffic shaping are:

  1. Configure the traffic shaping policy, and assign matched traffic to a class (see Traffic shaping policies).
  2. Create a traffic shaping profile and apply traffic bandwidth, prioritization and/or queuing per class.
  3. Configure the interface outbandwidth/inbandwidth and apply a shaping profile to the interface.

Creating a traffic shaping profile

A traffic shaping profile consists of the class ID, settings per class ID, and the default class ID for traffic that does not match any traffic shaping policies. A class can be configured in the GUI as part of a traffic shaping profile or policy. In the CLI, a traffic class must be defined before it can be assigned within a traffic shaping profile. Class IDs range from 2 - 31, and they can be reused between different traffic shaping profiles.

When creating a traffic shaping profile, you can configure the following options per class.

GUI option

CLI option

Description

Default

set default-class-id <class-id>

Set the default class ID.

Each profile must have one default class ID. The default class ID can be changed at any time.

Traffic shaping class ID

set class-id <integer>

Set the class ID (2 - 31).

Guaranteed bandwidth

set guaranteed-bandwidth-percentage <integer>

Set the percentage of the outbandwidth that will be guaranteed for the class ID.

Maximum bandwidth

set maximum-bandwidth-percentage <integer>

Set the percentage of the outbandwidth that will be the maximum bandwidth for the class ID.

Priority

set priority {top | critical | high | medium | low}

Select the priority level for the class ID.

To configure a traffic shaping profile in the GUI:
  1. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Profiles tab, and click Create New.
  2. Enter the profile name, and optionally enter a comment.
  3. In the Traffic Shaping Classes section, click Create New.
  4. Configure the traffic shaping class ID settings (Traffic shaping class ID, Guaranteed bandwidth, Maximum bandwidth, and Priority).
  5. Click OK.
  6. Create more shaping classes as needed (the total guaranteed bandwidth of all classes cannot exceed 100%).
  7. Click OK.
To configure a traffic shaping profile in the CLI:
  1. Configure the shaping class:
    config firewall traffic-class
        edit <integer>
            set class-name <string>
        next
    end
  2. Configure the shaping profile:
    config firewall shaping-profile
        edit <name>
            set type {policing | queuing}
            set default-class-id <class-id>
            config shaping-entries
                edit <id>
                    set class-id <integer>
                    set priority {top | critical | high | medium | low}
                    set guaranteed-bandwidth-percentage <integer>
                    set maximum-bandwidth-percentage <integer>
                next
            end
        next
    end

Configuring the interface outbandwidth and inbandwidth

You must configure the following settings on an interface that has traffic shaping applied to egressing/ingressing traffic: assign a traffic shaping profile and configure the outbound/inbound bandwidth.

Since traffic shaping is often configured on the WAN interface for egressing/ingressing traffic, the outbound/inbound bandwidth is effectively the upstream/downstream bandwidth allowed by your ISP.

To configure traffic shaping on an interface:
  1. Go to Network > Interfaces and double-click an interface to edit it.
  2. In the Traffic Shaping section, depending on your needs, enable Outbound shaping profile or Inbound shaping profile or both.
  3. Select a profile for each enabled option.
  4. Enable Outbound bandwidth or Inbound shaping profile or both, depending on your previous configuration.
  5. Specify a value for each enabled option.
  6. Click OK.

Verifying that the traffic is being shaped

In this example, three traffic classes are defined in the traffic shaping profile assigned to port1. The outbandwidth configured on port1 is 1000 Kbps. Each class has an allocated-bandwidth, guaranteed-bandwidth, max-bandwidth, and current-bandwidth value.

  • The guaranteed-bandwidth and max-bandwidth are rates that are converted from the percentage of outbandwidth configured for each class. For example, class-id 2 has 10% guaranteed-bandwidth, equivalent to 100 Kbps, and 100% max-bandwidth equivalent to 1000 Kbps.
  • The allocated-bandwidth displays the real-time bandwidth allocation for the traffic class based on all available factors. This value changes as traffic demand changes.
  • The current-bandwidth displays the real-time bandwidth usage detected for the traffic class.
To verify that traffic is being shaped by the traffic shaping profile:

Enable debug flow to view the live traffic as it matches a traffic shaping policy:

# diagnose debug flow show function-name enable
# diagnose debug flow filter <filters>
# diagnose debug flow trace start <repeat_number>
# diagnose debug enable

Traffic shaping profile

Traffic shaping profile

A traffic shaping profile allows traffic shaping to be configured Up to 30 classes can be defined, with prioritization and bandwidth limits configured for each class.

Configuring traffic shaping profiles

The main steps to configure traffic shaping are:

  1. Configure the traffic shaping policy, and assign matched traffic to a class (see Traffic shaping policies).
  2. Create a traffic shaping profile and apply traffic bandwidth, prioritization and/or queuing per class.
  3. Configure the interface outbandwidth/inbandwidth and apply a shaping profile to the interface.

Creating a traffic shaping profile

A traffic shaping profile consists of the class ID, settings per class ID, and the default class ID for traffic that does not match any traffic shaping policies. A class can be configured in the GUI as part of a traffic shaping profile or policy. In the CLI, a traffic class must be defined before it can be assigned within a traffic shaping profile. Class IDs range from 2 - 31, and they can be reused between different traffic shaping profiles.

When creating a traffic shaping profile, you can configure the following options per class.

GUI option

CLI option

Description

Default

set default-class-id <class-id>

Set the default class ID.

Each profile must have one default class ID. The default class ID can be changed at any time.

Traffic shaping class ID

set class-id <integer>

Set the class ID (2 - 31).

Guaranteed bandwidth

set guaranteed-bandwidth-percentage <integer>

Set the percentage of the outbandwidth that will be guaranteed for the class ID.

Maximum bandwidth

set maximum-bandwidth-percentage <integer>

Set the percentage of the outbandwidth that will be the maximum bandwidth for the class ID.

Priority

set priority {top | critical | high | medium | low}

Select the priority level for the class ID.

To configure a traffic shaping profile in the GUI:
  1. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Profiles tab, and click Create New.
  2. Enter the profile name, and optionally enter a comment.
  3. In the Traffic Shaping Classes section, click Create New.
  4. Configure the traffic shaping class ID settings (Traffic shaping class ID, Guaranteed bandwidth, Maximum bandwidth, and Priority).
  5. Click OK.
  6. Create more shaping classes as needed (the total guaranteed bandwidth of all classes cannot exceed 100%).
  7. Click OK.
To configure a traffic shaping profile in the CLI:
  1. Configure the shaping class:
    config firewall traffic-class
        edit <integer>
            set class-name <string>
        next
    end
  2. Configure the shaping profile:
    config firewall shaping-profile
        edit <name>
            set type {policing | queuing}
            set default-class-id <class-id>
            config shaping-entries
                edit <id>
                    set class-id <integer>
                    set priority {top | critical | high | medium | low}
                    set guaranteed-bandwidth-percentage <integer>
                    set maximum-bandwidth-percentage <integer>
                next
            end
        next
    end

Configuring the interface outbandwidth and inbandwidth

You must configure the following settings on an interface that has traffic shaping applied to egressing/ingressing traffic: assign a traffic shaping profile and configure the outbound/inbound bandwidth.

Since traffic shaping is often configured on the WAN interface for egressing/ingressing traffic, the outbound/inbound bandwidth is effectively the upstream/downstream bandwidth allowed by your ISP.

To configure traffic shaping on an interface:
  1. Go to Network > Interfaces and double-click an interface to edit it.
  2. In the Traffic Shaping section, depending on your needs, enable Outbound shaping profile or Inbound shaping profile or both.
  3. Select a profile for each enabled option.
  4. Enable Outbound bandwidth or Inbound shaping profile or both, depending on your previous configuration.
  5. Specify a value for each enabled option.
  6. Click OK.

Verifying that the traffic is being shaped

In this example, three traffic classes are defined in the traffic shaping profile assigned to port1. The outbandwidth configured on port1 is 1000 Kbps. Each class has an allocated-bandwidth, guaranteed-bandwidth, max-bandwidth, and current-bandwidth value.

  • The guaranteed-bandwidth and max-bandwidth are rates that are converted from the percentage of outbandwidth configured for each class. For example, class-id 2 has 10% guaranteed-bandwidth, equivalent to 100 Kbps, and 100% max-bandwidth equivalent to 1000 Kbps.
  • The allocated-bandwidth displays the real-time bandwidth allocation for the traffic class based on all available factors. This value changes as traffic demand changes.
  • The current-bandwidth displays the real-time bandwidth usage detected for the traffic class.
To verify that traffic is being shaped by the traffic shaping profile:

Enable debug flow to view the live traffic as it matches a traffic shaping policy:

# diagnose debug flow show function-name enable
# diagnose debug flow filter <filters>
# diagnose debug flow trace start <repeat_number>
# diagnose debug enable