Hot!Having a hard time understanding Traffic Shaping

Author
itoperations
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2019/04/02 08:44:37
  • Status: offline
2019/04/02 08:52:34 (permalink)
0

Having a hard time understanding Traffic Shaping

Hello All, I'm currently using 2 Fortigate 201E setup for HA.
 
Our current ISP is giving us 50Mbs
 
We just moved from Cisco ASA's to these new Fortigate Firewalls.
 
Before the switch there was never any bandwidth issue.
 
Problem is now it seems Downloading and uploading files takes way to long only getting like 500kbs per second.
 
Now I know this can be rectified using Traffic shaping.
 
I'll explain my Environment and what I need to do and hopefully someone can explain how I can setup my Shapers to work within that situation.
 
Sales force is our Top priority so when someone goes there they need to be able to browse it and any attachments really quickly so Give it a High Priority, Next would be downloads/Uploads as people are always uploading stuff to youtube here and Downloading attachments etc from websites. Lowest Priority would be Drop box downloading and uploading stuff there however it needs to be relatively quick for those that use it to upload a 3gb file shouldn't take 3 hours if you catch my drift, Our current ISP is giving us 50Mbs we are upgrading that soon to 100 but in the meantime that's what I'm working with
Then everything else would fall into another category on it's own I suppose. Currently 1 user can take up all the bandwidth syncing his drop box. So I'd like everyone to share the 50MB equally so that 1 user can't hog all the bandwidth.
 
I'm really new to Fortigate OS and networking in general so I apologize in advance but really need to figure this out.
 
Many thanks in advance.
#1

7 Replies Related Threads

    itoperations
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/04/02 08:44:37
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/04/02 09:09:50 (permalink)
    0
    Forgot to add that firmware version FortiOS v6.0.3 build0200 (GA) currently.
    #2
    lobstercreed
    Gold Member
    • Total Posts : 132
    • Scores: 21
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/04/02 19:24:09 (permalink)
    0
    Check out the following links for details about how to set this up.  There is a bit of a learning curve with shaping (on any platform), and I don't have much experience in it myself on the FortiGate.
     
    https://help.fortinet.com/fos50hlp/56/Content/FortiOS/fortigate-traffic-shaping/TS_Configuration/TS_Configuring.htm
     
    https://cookbook.fortinet.com/traffic-shaping-bandwidth-56/
     
    I would start with an application shaper for Salesforce, and then add a basic Per-IP shaper for all types of traffic to keep a single user from hogging all the bandwidth.  You may not need to worry about the other details in-between with that in place, but those are at least the two easiest pieces to set up.
     
    - Daniel
    #3
    itoperations
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/04/02 08:44:37
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/04/02 21:18:14 (permalink)
    0
    Daniel,
     
    thanks for that, however I've looked through all the documentation I can find and it doesn't seem to help me. Right now I've managed to make the Sales Force people happy by creating a Per IP policy based on traffic going to Sales Force and gave them 25mbs guaranteed bandwidth, however people accessing downloading anything from drop box or the internet get speed of like 300kbps which is not good at all most downloads fail due to time out. I'm at a loss what to do at this point. I made a Shared shaper for max bandwidth of 50Mbs for all traffic and along with the per ip for Salesforce but our download speed are not good at all.
    #4
    lobstercreed
    Gold Member
    • Total Posts : 132
    • Scores: 21
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/04/03 05:19:13 (permalink)
    0
    I don't think you want a Per IP policy for Sales Force but rather a shared shaper of 25 Mbps.  If I understand per-IP (which admittedly I haven't had to use), it allocates the specified bandwidth per user.  So 2 Salesforce users could suck down your entire 50Mbps and leave everything else crawling. 
    Maybe to make sure per IP is understood you would want to create a shaping policy that matches all traffic with a small per IP shaper (maybe 5 Mbps depending on your user count) and see if it works as expected.  (You'll want to disable all other shaping policies while you test).
    To me the expected behavior would be that each user (regardless of application, so you could test this by just going to speedtest.net) should be limited to 5Mbps.  That should leave plenty of bandwidth for each user, up to at least 10 users, and that will give you a much more reasonable download speed (though of course keep in mind the difference between Kbps and KB/s).
    #5
    itoperations
    New Member
    • Total Posts : 4
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/04/02 08:44:37
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/04/03 05:27:51 (permalink)
    0
    From the Forinet site for Traffic shaping methods
     
    "Per-IP traffic shaping enables you limit the behavior of every member of a policy to avoid one user from using all the available bandwidth - it now is shared within a group equally."
     
     I dont' think that's the case as from what it says on the fortinet site It says it's shared within a group equally
     
    So if that's the case that explains why my Salesforce team is happy at the moment. So I went ahead and did the same thing for drop box made a per-ip policy for dropbox traffic of a max bandwidth of 20Mbs
     
    Then a shared shaper for https:downloads with a low priority for 10Mbs and then a remaind shaper for everything else.

    Will see how that goes today
    post edited by itoperations - 2019/04/03 05:31:47
    #6
    lobstercreed
    Gold Member
    • Total Posts : 132
    • Scores: 21
    • Reward points: 0
    • Joined: 2018/11/28 14:57:58
    • Location: Sedalia, MO
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/04/03 08:03:09 (permalink)
    0
    I could be wrong, but I just tested some stuff and it looks like the result is more or less what I first suggested.
     
    If you combine shared shaper with per-ip shaper, you can achieve the result quoted on the website.  If you *just* use a per-IP shaper, each user should get that amount of bandwidth carved out.  That's what I was afraid you had done with the Salesforce policy, but if you have a per-ip along with a shared shaper then it would probably work well.
     
    Just be careful of overprovisioning if you use multiple per-ip shapers without shared shapers.  I'll be interested in your result today.
    #7
    StasMa
    New Member
    • Total Posts : 1
    • Scores: 0
    • Reward points: 0
    • Joined: 2019/09/30 08:25:05
    • Status: offline
    Re: Having a hard time understanding Traffic Shaping 2019/10/09 05:54:41 (permalink)
    0
    better just use salesforce
    #8
    Jump to:
    © 2019 APG vNext Commercial Version 5.5