Support for new VM bandwidth-limited SKUs 6.4.2
Four new stackable SKUs allow you to purchase and deploy VMs with limited bandwidths per interface. The bandwidth limits are calculated per interface, or aggregate interface, per direction. Management only interfaces are exempt from the limit.
Each SKU includes one of the following service bundles:
- FortiClient only
- UTM
- Enterprise
- 360 Protection
The FortiGate gets the service bundle and bandwidth from FortiGuard after the VM license is uploaded to the FortiGate.
These examples show two of the license options:
- UTM and 100Gbps bandwidth (unlimited bandwidth)
- 360 Protection with 900Mbps bandwidth
The 360 Protection service bundle has been discontinued. |
UTM and 100Gbps
After the license is imported and validated, FortiGuard services are shown on the Status dashboard.
The CLI shows unlimited bandwidth for the license and no bandwidth for interfaces, because it is unlimited.
# diagnose debug vm-print-license SerialNumber: FGVMSBTM20090007 CreateDate: Fri May 15 00:36:41 2020 License expires: Sun May 16 17:00:00 2021 Key: yes Cert: yes Key2: yes Cert2: yes Model: SB (19) CPU: 2147483647 MEM: 2147483647 Bandwidth: unlimited
# diagnose netlink interface list port3 if=port3 family=00 type=1 index=5 mtu=1500 link=0 master=0 ref=14 state=start present fw_flags=10008000 flags=up broadcast run multicast Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:1f broadcast_addr=ff:ff:ff:ff:ff:ff stat: rxp=857 txp=5 rxb=80456 txb=312 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=14
360 Protection and 900Mbps bandwidth
After the license is imported and validated, FortiGuard services are shown on the Status dashboard.
The CLI shows an extra 10% bandwidth for the license and interfaces, not including management interfaces:
# diagnose debug vm-print-license SerialNumber: FGVMSBTM00000000 CreateDate: Sat May 16 02:27:24 2020 License expires: Mon May 17 17:00:00 2021 Key: yes Cert: yes Key2: yes Cert2: yes Model: SB (19) CPU: 2147483647 MEM: 2147483647 Bandwidth: 990000 kbps
# diagnose netlink interface list port2 if=port2 family=00 type=1 index=4 mtu=1500 link=0 master=0 ref=28 state=start present fw_flags=8000 flags=up broadcast run multicast Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:15 broadcast_addr=ff:ff:ff:ff:ff:ff inbandwidth=990000(kbps) total_bytes=0 drop_bytes=0 outbandwidth=990000(kbps) priority=0 allocated-bandwidth=10(kbps) total_bytes=125K drop_bytes=0 priority=1 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=2 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=3 allocated-bandwidth=0(kbps) total_bytes=864 drop_bytes=0 priority=4 allocated-bandwidth=989989(kbps) total_bytes=0 drop_bytes=0 stat: rxp=490 txp=574 rxb=289785 txb=126227 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=28
Aggregate interfaces
Aggregate interfaces have the same bandwidth limit as individual interfaces:
config system interface edit "agg56" set vdom "root" set allowaccess ping https ssh http set type aggregate set member "port5" "port6" set device-identification enable set lldp-transmission enable set role lan set snmp-index 15 next end
# diagnose netlink interface list agg56 if=agg56 family=00 type=1 index=16 mtu=1500 link=0 master=0 ref=42 state=start present no_carrier fw_flags=3800 flags=up broadcast master multicast Qdisc=noqueue hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff inbandwidth=990000(kbps) total_bytes=0 drop_bytes=0 outbandwidth=990000(kbps) priority=0 allocated-bandwidth=0(kbps) total_bytes=90 drop_bytes=0 priority=1 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=2 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=3 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=4 allocated-bandwidth=110000(kbps) total_bytes=0 drop_bytes=0 stat: rxp=53501934 txp=139 rxb=3210121819 txb=17166 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=7 arp_entry=0 refcnt=42
# diagnose netlink interface list port5 if=port5 family=00 type=1 index=7 mtu=1500 link=0 master=16 ref=12 state=start present fw_flags=0 flags=up broadcast run noarp slave multicast Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff inbandwidth=990000(kbps) total_bytes=0 drop_bytes=0 outbandwidth=990000(kbps) priority=0 allocated-bandwidth=0(kbps) total_bytes=8770 drop_bytes=0 priority=1 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=2 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=3 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=4 allocated-bandwidth=989999(kbps) total_bytes=0 drop_bytes=0 stat: rxp=70 txp=71 rxb=9289 txb=8770 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=12
# diagnose netlink interface list port6 if=port6 family=00 type=1 index=8 mtu=1500 link=0 master=16 ref=12 state=start present fw_flags=0 flags=up broadcast run noarp slave multicast Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:33 broadcast_addr=ff:ff:ff:ff:ff:ff inbandwidth=990000(kbps) total_bytes=0 drop_bytes=0 outbandwidth=990000(kbps) priority=0 allocated-bandwidth=0(kbps) total_bytes=8770 drop_bytes=0 priority=1 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=2 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=3 allocated-bandwidth=0(kbps) total_bytes=0 drop_bytes=0 priority=4 allocated-bandwidth=989999(kbps) total_bytes=0 drop_bytes=0 stat: rxp=54003304 txp=71 rxb=3240198976 txb=8770 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=12
Management interfaces
Normal and VPN interfaces that are dedicated to management do not have a bandwidth limitation
config system interface edit "port1" set vdom "root" set ip 10.6.30.173 255.255.255.0 set allowaccess ping https ssh http fgfm set type physical set dedicated-to management set snmp-index 1 next end
# diagnose netlink interface list port1 if=port1 family=00 type=1 index=3 mtu=1500 link=0 master=0 ref=18 state=start present fw_flags=0 flags=up broadcast run multicast Qdisc=pfifo_fast hw_addr=00:0c:29:15:df:0b broadcast_addr=ff:ff:ff:ff:ff:ff stat: rxp=6957 txp=4270 rxb=1196300 txb=2942486 rxe=0 txe=0 rxd=0 txd=0 mc=0 collision=0 re: rxl=0 rxo=0 rxc=0 rxf=0 rxfi=0 rxm=0 te: txa=0 txc=0 txfi=0 txh=0 txw=0 misc rxc=0 txc=0 input_type=0 state=3 arp_entry=0 refcnt=18
Setting the interface bandwidth
The in and out bandwidths can be configured with 10% extra bandwidth:
config system interface edit "port3" set vdom "root" set ip 172.16.200.173 255.255.255.0 set allowaccess ping https ssh snmp http telnet fgfm radius-acct probe-response fabric ftm set type physical set inbandwidth 990000 set outbandwidth 990000 set snmp-index 3 next end
Setting the bandwidth too high will result in an error:
# set inbandwidth 1000000 Should be in the range of 0 - 990000. node_check_object fail! for outbandwidth 1000000 value parse error before '1000000' Command fail. Return code -2