Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
monicagoodlett
New Contributor

Time-based traffic policy

Is there a way to make time-based traffic shaper policies? Example. During working hours, I would use a limit for each ip of xx Mb. In the evening, this may / should be removed or increased by many Mb.

I want to stay away from two common traffic policies, which may be based on time.

https://www.google.com.vn/

9 REPLIES 9
emnoc
Esteemed Contributor III

 

I want to stay away from two common traffic policies, which may be based on time.

 

Why? Having two policies with different shape is what and how you would do this is.How would you expect a new TS to take place if you didn't have a policy with TimeOfDay schedule set?

 

Ken

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
bobm
New Contributor III

The other thing you can do is set one or the other level as baseline, and then a specific TOD policy higher in the chain. I have a "Work Hours" schedule set from 8am-noon and 1-5pm that tightens down web filtering, but then off-hours and during lunch break the fw is more open, with the default policy being the more open. Seems to work well. 

Philippe_Gagne

Hi,

 

The feature doesn't exist in 5.6.0 to 5.6.2. This was a Feature Request that was done last year and add in CLI in 5.6.3,

 

 

and available in GUI in 6.0.0.

 

 

Have a nice day!

 

Philippe

Sudarsan_Babu

Hello Philippe,

 

Sounds good.

Can you please share screen shot for schedule option  how you setup. 

Regards,

Sudarsan Babu P

Regards, Sudarsan Babu P
Philippe_Gagne

Hi,

Sorry for the delay! :)

 

Let say we have a Internet link 100Mbps/100Mbps

 

Create schedule for DayTime:

config firewall schedule recurring  edit "DayTime-7to17"    set start 07:00    set end 17:00    set day sunday monday tuesday wednesday thursday friday saturday  next end

 

Create shared shapers: config firewall shaper traffic-shaper  edit "Shared-75Mbps"    set maximum-bandwidth 76800    set priority low  next  edit "Shared-50Mbps"    set maximum-bandwidth 51200    set priority low  next end

 

Create Per-IP shapers: config firewall shaper per-ip-shaper  edit "Per-IP-4Mpbs"    set max-bandwidth 4096  next  edit "Per-IP-10Mbps"    set max-bandwidth 10240  next end

 

Create now Shaping policies: config firewall shaping-policy  edit 1    set service "ALL"    set schedule "DayTime-7to17"    set dstintf "wan1"    set traffic-shaper "Shared-50Mbps"    set traffic-shaper-reverse "Shared-50Mbps"    set per-ip-shaper "Per-IP-4Mpbs"    set srcaddr "User-Network"    set dstaddr "all"  next  edit 2    set service "ALL"    set dstintf "wan1"    set traffic-shaper "Shared-75Mbps"    set traffic-shaper-reverse "Shared-75Mbps"    set per-ip-shaper "Per-IP-10Mbps"    set srcaddr "User-Network"    set dstaddr "all"  next end

 

Shaping policies are applied the same way as firewall policies: top-down matches.

 

Have a nice day

 

Philippe

 

emnoc
Esteemed Contributor III

Nice , will have to look at this more

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Sudarsan_Babu

Thanks superb . 

 

Regards,

Sudarsan Babu P

Regards,

Sudarsan Babu P

Regards, Sudarsan Babu P
Asus

Hi philippe 

 

Thanks for updating it's really nice info

benevolent share CLI to check feature 

 

Thanks & Regards

Asus

Thanks & Regards Asus
hervaltelecom
New Contributor III

Can i still use this via cli on 5.4.6?

Labels
Top Kudoed Authors