Limiting bandwidth with traffic shaping
When a particular IP address uses too many resources, you can prevent that IP address from consuming your bandwidth indiscriminately. In this recipe, you learn how to use traffic shaping on your FortiGate to limit the bandwidth for a specific IP address.
First, you will enable traffic shaping and create an address object to target a specific internal IP address. Then, you will create a shared shaper and a security policy that uses that specific IP address as the source address.
This recipe also explains how to configure traffic shaping to set a maximum bandwidth limit of 200 kb/s for uploads and/or downloads.
1. Enabling Traffic Shaping
2. Creating an Address Object
Go to Policy & Objects > Objects > Addresses and select Create New to define the address you would like to limit.
Set Category to Address and enter a name (in the example, limited_bandwidth).
Lastly, set Interface to any and select Show in Address List.
3. Configuring a traffic shaper to limit bandwidth
Go to Policy & Objects > Objects > Traffic Shapers and select Create New to define a new Shared Traffic Shaper profile.
Set Type to Shared.
Set Apply shaper to Per Policy.
Set Traffic Priority to Medium.
4. Creating a security policy
Go to Policy & Objects > Policy > IPv4 and create a new security policy to limit bandwidth for the IP address you configured in Step 2.
Set the Source Address to limited_bandwidth.
Enable Shared Shaper and Reverse Shaper and select limited-bandwith from the drop-down menu. The Shared Shaper restricts the bandwidth for uploads and the Reverse Shaper restricts downloads.
When a computer with the IP you have specified, 10.1.10.10, browses the Internet from your internal network, its bandwidth will be restricted by the amount you set in your shaper.
Go to System > FortiView > Sources to view traffic, and use the search field to filter your results by Source IP.
Go to Policy & Objects > Monitor > Traffic Shaper Monitor and set the Report By option to Current Bandwidth. If the standard traffic volume is high enough, it will top out at the maximum bandwidth defined by each shaper. In this example, you can see that the bandwidth does not exceed your set limit: 200 kb/s.
You can also set Report By to Dropped Packets to get an idea of whether your traffic shaper settings need to be adjusted. For example, if there are very few dropped packets, you may need to set a higher Maximum Bandwidth in your shaper.