Wish i would've found your video tutorials years ago. Great content always. Traffic shaping goes next in my organization. I think a better video will be using same policy and suppress the windows updates that are killing our computers and networks these days .
Good stuff and what I was looking for. i need to build and test this in my lab. If you wanted to do another video with more indepth features that would be appreciated.
I would have really liked to see how the app control security policy was configured. That's the piece of the puzzle that's missing for me - how the traffic shaping policy, and the firewall policy, are linked.
Thanks for this video. Your explanation is very clear. Would really appreciate, if you could make a video for Per-IP , because this is essential for my business. Secondly, please explain, in case we need to modify it, after making it live. One more very important request, is it possible to do this shaping for any device by MAC Address, instead of an IP. because only MAC remains static. Thanks
Hey! I know this might sound weird, but I believe that my college dorm's internet has used traffic shaping to slow down netflix. Now the weird part, is that it is the only site that has been throttled down, prime, hulu and hotstar all seem to work fine. It has been throttled down so much that netflix loads in basic html. Is there a bypass to this, the technical coordinator says that no such thing has happened so this isn't illegal if I manage to bypass it.
Hi. Thanks for the upload. I've tried running this but not getting any standard results with youtube via browser. Only ever got it to work a couple od times and that was just random. From what Fortigate support has told us, we need to enable deep SSL inspection and have SSL certs installed on devices.
Running DPI gives you significantly more control and visibility. It will prevent some upload / viewing traffic as being displayed as HTTPS only meaning you have more control over what is throttled etc.
Amazing content! Do you think this would work the opposite? For example I want certain applications to have priority. Could I set up a Traffic Shaper with large bandwidth and high priority. And then setup a Traffic Shaping Policy to include the application on all source, destination, and interfaces?
So If I want to limit a vlan to say, 300mbps in total, but I also want to limit an application to 100mbps and a second application to 100mbps that is doable? I'd have to create 3 shapers for the one vlan correct? One for 300mpbs for the entire vlan, one for application 1 at 100mbps and one for application 2 at 100mbps?
I've tried applying this for people watching Twitch on the network but under "traffic shapers" it never shows much bandwidth utilization if any. Which is kinda strange because if I view the bandwidth being used by twitch on the FG its way more. Any ideas?
You set the bandwidth throughput capabilities of the interface on the interface itself. Then, you set the traffic shaping priority, minimum (or maximum) throughput allowed on the traffic shaper itself. From there, you define the policy to which you want the shaper applied.
Hello there, I would like to apply the shared traffic shaper to device groups that I have created but I can not figure it out. I have applied per ip shaping to the group, but also I want all device in that group to not use more than a certain bandwith, please kindly assist.
Any particular setting on fortinet that limit the TCP traffic? TCP traffic speed over fortinet is very less whereas UDP is faster. Any specific setting i should looked at?
Is it possible with Fortigate, let say i have 10MB, i want to reserve or guarantee 60% of the total BW to Office365 and 40% for the rest of bulk traffic ?
Hello sir, is there any way to exclude local network from traffic shaping policy like Mikrotik Queues. i have two fortigate. one is in main office and another one is in resident. i just share the internet from main office to residence . if i access our local file servers of Main office, it works only as per traffic shaping. i want to give limited speed for internet and unlimited speed for accessing local network file servers.
Going to depend heavily on the amount of utilization you are receiving across the circuit. You can do shared shapers or more to help mitigate this issue.
Hi, I wonder if you can guide. I have Ubuntu with WMware workstation 15 player and wanted to install Fortinet VM, but the only file I see after down load is fotios.qcow2. Do not know how to install from this one. Can you help please.
@Fortinet Guru Today I got one "attack" on the firewall with over 100K UDP connections from one IP. I killed them all and now its fine. Is there any way to use per IP traffic shaping to limit the amount of connections per IP? I had a look already and im not quite sure how to make a correct configuration for connections comming in, not going out. Thank you as always!
I have been tasked to trying to limit wireless bandwidth usage so that wireless cameras have priority... can you give me somewhat of a direction to go in? Thanks
Thanks for this video. Question, to make priority, garantee and max bandwith to work on lan to wan interface. Is the inbandwidth / outbandwidth mandatory on this wan interface? Regards
You are configuring based on utilization seen on the gate. Not percentages or anything like that so you don't necessarily have to use the bandwidth parameters on the interface itself. Though having them completed is beneficial in general to having a tidy config.
Hi, i have a question that maybe you can help me, i realize that when creating a traffic shapping policy i can only put address as source and destination, most of the time i create my IPV4 policy from a vlan to wan with ALL as source (because is already segmented with the vlan), my question is, would my traffic shapper work if i created it with a vlan range address or should i create both (IPv4 policy and Traffic Shapping policy) with the same source?
Great video. Nice to see, you're back with frequent videos.
hello friend can you make a video of how to configure traffic shaping in a VPN SITE to SITE
Best explanation 👌 thank you 😊
Good One, make a video on SIP ALG as well, I have seen this issue multiple time in the multi Tenent environment cheers
Sounds good
Wish i would've found your video tutorials years ago. Great content always. Traffic shaping goes next in my organization. I think a better video will be using same policy and suppress the windows updates that are killing our computers and networks these days .
Thank you for another very helpful video.
Thanks for clear instructions, on spot !!!
You are very welcome
Great video. IF i wanted to make sure Zoom and Teams were getting good bandwidth would i similarily do it here?
Good stuff and what I was looking for. i need to build and test this in my lab. If you wanted to do another video with more indepth features that would be appreciated.
awesome tutorial
good sharing and explanation👍
Terrific video and explanations.
I would have really liked to see how the app control security policy was configured. That's the piece of the puzzle that's missing for me - how the traffic shaping policy, and the firewall policy, are linked.
Thanks for this video. Your explanation is very clear. Would really appreciate, if you could make a video for Per-IP , because this is essential for my business. Secondly, please explain, in case we need to modify it, after making it live. One more very important request, is it possible to do this shaping for any device by MAC Address, instead of an IP. because only MAC remains static. Thanks
Hello. How do i access the forti Analyzer to know which applications or devices are consuming high bandwidth
Hey! I know this might sound weird, but I believe that my college dorm's internet has used traffic shaping to slow down netflix. Now the weird part, is that it is the only site that has been throttled down, prime, hulu and hotstar all seem to work fine. It has been throttled down so much that netflix loads in basic html. Is there a bypass to this, the technical coordinator says that no such thing has happened so this isn't illegal if I manage to bypass it.
Hi. Thanks for the upload.
I've tried running this but not getting any standard results with youtube via browser. Only ever got it to work a couple od times and that was just random. From what Fortigate support has told us, we need to enable deep SSL inspection and have SSL certs installed on devices.
Running DPI gives you significantly more control and visibility. It will prevent some upload / viewing traffic as being displayed as HTTPS only meaning you have more control over what is throttled etc.
Amazing content! Do you think this would work the opposite? For example I want certain applications to have priority. Could I set up a Traffic Shaper with large bandwidth and high priority. And then setup a Traffic Shaping Policy to include the application on all source, destination, and interfaces?
Thank you for the video. It really helps a lot. Does Traffic Shaping work on multicast traffic?
nice video on shaping; can you do one on SIP?
This is great, thanks. Can I use traffic shapers to prioritize Microsoft Teams traffic?
Thanks 👍
Thank you for this Video. Can you share the details of UA-cam you have created? The URLs or perhaps advise where to get the URL specific for youtube.
Could you please have a shot on "traffic shaping profile"
Hello sir please how can I limit my students to education channel on UA-cam and block all social media on students accounts??
So If I want to limit a vlan to say, 300mbps in total, but I also want to limit an application to 100mbps and a second application to 100mbps that is doable? I'd have to create 3 shapers for the one vlan correct? One for 300mpbs for the entire vlan, one for application 1 at 100mbps and one for application 2 at 100mbps?
I've tried applying this for people watching Twitch on the network but under "traffic shapers" it never shows much bandwidth utilization if any. Which is kinda strange because if I view the bandwidth being used by twitch on the FG its way more. Any ideas?
hello.
is possibile to shaping any website or just what is listed on applications list?
Nice, it help me thanks
can you please help me with Slow download speed on Fortigate 50E?
Traffic shaping comes into action when traffic reach a particular threshold. Where that threshold has been defined?
You set the bandwidth throughput capabilities of the interface on the interface itself. Then, you set the traffic shaping priority, minimum (or maximum) throughput allowed on the traffic shaper itself. From there, you define the policy to which you want the shaper applied.
Hello there, I would like to apply the shared traffic shaper to device groups that I have created but I can not figure it out. I have applied per ip shaping to the group, but also I want all device in that group to not use more than a certain bandwith, please kindly assist.
Can we do traffic shaping for patches going thru isp1 and isp2 for reverse traffic?
Any particular setting on fortinet that limit the TCP traffic? TCP traffic speed over fortinet is very less whereas UDP is faster. Any specific setting i should looked at?
I think it will not work without ssl decrypt.
Is it possible with Fortigate, let say i have 10MB, i want to reserve or guarantee 60% of the total BW to Office365 and 40% for the rest of bulk traffic ?
but can you do different shaping on upload/download?
must you need use shared shaper to make the policy work ?
How to check if the policy already work or no ?
Hello sir, is there any way to exclude local network from traffic shaping policy like Mikrotik Queues. i have two fortigate. one is in main office and another one is in resident. i just share the internet from main office to residence . if i access our local file servers of Main office, it works only as per traffic shaping. i want to give limited speed for internet and unlimited speed for accessing local network file servers.
i want to give max bandwidth to rdp , As our users are facing frequent disconnection while using SAP server application. please refer me some solution
Going to depend heavily on the amount of utilization you are receiving across the circuit. You can do shared shapers or more to help mitigate this issue.
Hi, I wonder if you can guide. I have Ubuntu with WMware workstation 15 player and wanted to install Fortinet VM, but the only file I see after down load is fotios.qcow2. Do not know how to install from this one. Can you help please.
how to strengthen the Whatsapp video call in Fortigate?
@Fortinet Guru
Today I got one "attack" on the firewall with over 100K UDP connections from one IP. I killed them all and now its fine. Is there any way to use per IP traffic shaping to limit the amount of connections per IP? I had a look already and im not quite sure how to make a correct configuration for connections comming in, not going out.
Thank you as always!
You probably want a DOS policy to help mitigate that.
@@FortinetGuru Thank you for your answer! I'll activate that feature and take a look at it, thanks !
I have been tasked to trying to limit wireless bandwidth usage so that wireless cameras have priority... can you give me somewhat of a direction to go in?
Thanks
let me know more details of your setup and I will see what I can do. You can use my contact form @ FortinetGURU.COM
@@FortinetGuru Thank you... we are going with UniFi access points... it appears that they can handle the throttling on their own.
Thanks for this video. Question, to make priority, garantee and max bandwith to work on lan to wan interface. Is the inbandwidth / outbandwidth mandatory on this wan interface? Regards
You are configuring based on utilization seen on the gate. Not percentages or anything like that so you don't necessarily have to use the bandwidth parameters on the interface itself. Though having them completed is beneficial in general to having a tidy config.
Could you please tell what is traffic shape profile used for ?
He did... at the beginning of the video ad nauseum
Hi, i have a question that maybe you can help me, i realize that when creating a traffic shapping policy i can only put address as source and destination, most of the time i create my IPV4 policy from a vlan to wan with ALL as source (because is already segmented with the vlan), my question is, would my traffic shapper work if i created it with a vlan range address or should i create both (IPv4 policy and Traffic Shapping policy) with the same source?
👍
Had to fix it after I made that glaring oversight!
@@FortinetGuru Glad it wasn't me. LOL. Hey, where is MONITOR in 6.4?
NVM, Found it. New Dashboard, just had to Drill down to details. ugh!
Can you please do ipsec vpn failover vpn video for us.,.
Sure