FortiGate Traffic Shaping Feature

Jul 15, 2024

Overview

  • Using FortiGate 61E hardware
  • Firmware version: 7.0.1

Roadmap Summary

  1. Basics of QoS (Quality of Service)
  2. Walkthrough configuration of Traffic Shaping
  3. Verification using Speedtest.net
  4. Troubleshooting and verification using CLI

Basics of QoS

  • QoS (Quality of Service): Open standard used across various vendors like Cisco, Juniper, etc.
  • Main Parameters of QoS:
    • Bandwidth
    • Delay
    • Jitter
    • Loss
  • Layer 2 vs Layer 3:
    • Layer 2: 802.1p Class of Service (CoS)
    • Layer 3: DSCP and Type of Service (ToS) (used in firewall)

QoS Process

  1. Admission Control: Checks packet size, queue length, etc.
  2. Classification: Determines type of packet (high priority, low priority, default, etc.)
  3. Marking and Policing: Uses algorithms such as the token bucket
    • FortiGate uses the token bucket algorithm
  4. Queuing and Scheduling:
    • High, medium, and low queues; the high-priority queue has minimal delay
  5. Traffic Shaping: Shaping is usually preferred over policing
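
Added example (not from the original notes, and not FortiOS code): a generic token bucket in Python showing how the same bucket behaves as a policer (steps 3) and as a shaper (step 5). The rate, burst, and packet sizes are constructed values; time is in milliseconds and packets are assumed sorted by arrival.

```python
class TokenBucket:
    """Tokens (bytes) refill at `rate` bytes/ms, capped at `burst` bytes."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0   # bucket starts full

    def refill(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now

def police(packets, rate, burst):
    """Policing: a packet that finds too few tokens is dropped at once."""
    tb, sent = TokenBucket(rate, burst), []
    for arrival, size in packets:
        tb.refill(arrival)
        if tb.tokens >= size:
            tb.tokens -= size
            sent.append((arrival, size))
    return sent, len(packets) - len(sent)

def shape(packets, rate, burst):
    """Shaping: a packet that finds too few tokens is queued (FIFO) and
    released when enough tokens have accrued. Assumes size <= burst."""
    tb, out, clock = TokenBucket(rate, burst), [], 0.0
    for arrival, size in packets:
        clock = max(clock, arrival)             # never before arrival or earlier packets
        tb.refill(clock)
        if tb.tokens < size:
            clock += (size - tb.tokens) / rate  # wait for the missing tokens
            tb.tokens, tb.last = float(size), clock
        tb.tokens -= size
        out.append((clock, size))
    return out

if __name__ == "__main__":
    # Constructed input: ten 1500-byte packets arriving together at t=0 ms,
    # against a 250 bytes/ms rate and a 3000-byte burst (illustrative values).
    burst_of_ten = [(0.0, 1500)] * 10
    sent, dropped = police(burst_of_ten, rate=250, burst=3000)
    print(f"policer: sent={len(sent)} dropped={dropped}")
    shaped = shape(burst_of_ten, rate=250, burst=3000)
    print(f"shaper:  sent={len(shaped)} last departure={shaped[-1][0]} ms")
```

The policer loses everything beyond the burst allowance, while the shaper delivers every packet at the cost of added delay.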

Classification Types

  • Network Control Traffic: High priority
  • User and Data Traffic: Subdivided based on bit rates
    • Constant Bit Rate (e.g., VoIP)
    • Variable Bit Rate (e.g., interactive videos)
    • IPTV/Streaming
    • Best Effort

Configuration Walkthrough

  • Prioritize traffic based on business requirements (e.g., Office 365, Salesforce, VoIP)
  • FortiGate supports three types of traffic shaping:
    1. Shared
    2. Per IP
    3. Interface Based
  • Traffic Shaping Profiles:
    • Example: Create a shared shaper with 2MB max bandwidth and 1MB guaranteed

Demonstration: Shared Traffic Shaping

  1. Create Profile
    • 2MB max, 1MB guaranteed
  2. Apply Policy
    • Configure policy to prioritize certain traffic (e.g., video streaming)
  3. Verification
    • Disable policy, run Speedtest.net for baseline
    • Enable policy, run Speedtest.net to verify traffic shaping
  4. Check Session Table via CLI
    • Verify shaping policy is applied
    • Example commands: diagnose sys session filter src ..., diagnose sys session list

Demonstration: Per IP Traffic Shaping

  1. Create Per IP Shaper
    • 5MB max bandwidth per IP
  2. Apply Policy
    • Similar process as shared shaper
  3. Verification
    • Check Speedtest.net and CLI for results

Demonstration: Interface Based Traffic Shaping

  1. Create Interface Based Shaper
    • Requires hardware with NP6 chipset (e.g., models above 500)
    • Configure bandwidth percentages for different classes
  2. Apply Policy
    • Define traffic shaping profile on WAN interface
  3. Verification
    • Check CLI and interface levels for applied configurations

Final Verification and Testing

  • Used CLI to diagnose session policies
  • Verified policy application using Speedtest.net
  • Demonstrated configuration and verification for different shaping models

Conclusion

  • Covered basics of QoS and detailed steps for configuring traffic shaping on FortiGate
  • Demonstrated three types of traffic shaping
  • Verified configurations using GUI and CLI