LAB Limiting Bandwidth With Traffic Shaping

LAB Limiting Bandwidth With Traffic Shaping

Posted on Jan 13, 2020 (0)

LAB Limiting Bandwidth With Traffic Shaping

In this lab we will learn how to use Traffic Shaping on your FortiGate to limit the bandwidth for a specific IP address, when a particular IP address uses too many resources. This task also explains how to configure traffic shaping to set a maximum bandwidth limit for uploads and/or downloads to 300 kb/s.

Task :

  • Enable Traffic Shaping from Feature Set.
  • You have to limit the traffic shaping for IP
  • Create Traffic Shaper for above IP to use MAX BW 300KB/S and guaranteed BW is 100KB/S
  • Creating Two Traffic Shaping Policy : For first Policy with shared shaper and reverse shaper as high priority and for second policy shared shaper and reverse shaper as limited bandwidth created earlier.

Solution :

Step1: Enabling Traffic Shaping

Go to System > Feature Select and under Additional Features you enable Traffic Shaping.

Creating a firewall address:

Go to Policy & Objects > Addresses here you define the address you would like to limit. Select Create New and select Address from the drop down menu which will look like below.

Configuring a traffic shaper to limit bandwidth

Go to Policy & Objects > Traffic Shapers and select Create New and define a new shared Traffic Shaper profile.

Shared shapers affect upload speeds, Reverse shapers affect download speeds, and Per IP shapers affect both upload and download speeds simultaneously.
By default, shared shapers evenly distributes the bandwidth to all policies using it. Per Policy shaping can also be  applied individually to each policy. Right-click your new limited_ bandwidth shaper, and select Edit in CLI from the drop down menu.

Enter the following CLI commands:

config system settings
set per-policy enable

Now that Per Policy shaping is enabled, edit your limited_bandwidth shaper and set Apply Shaper to Per Policy.

Create two Traffic Shaping Policies

Go to Policy & Objects > Traffic Shaping Policy and select Create New to create a shaping policy that will set high priority to regular traffic.

Under Matching Criteria, set Source, Destination, Service to match your Internet Access policy. Under Apply Shaper, set the Outgoing Interface to match your Internet Access policy and enable Shared Shaper and Reverse Shaper. Shared Shapers affect upload speeds and reverse shapers affect download speeds. Set both shapers to high-priority.

Rearrange the Policy by dragging it up.

When a computer with the IP you have specified,, browses the Internet from your internal network, its bandwidth will be restricted by the amount you set in your shaper.

Go to FortiView > Sources to view traffic, You can also view these results in a bubble graph by changing the graph type in the drop down menu. Sort by Bandwidth to verify that your regular traffic is using more bandwidth.


    You are will be the first.


Please login here to comment.