Throttling UDP sessions

aagrafi
2020/09/01 05:05:51

Hello,
 
I want to throttle UDP outgoing traffic in a FG. More specifically, I want to restrict the UDP DNS requests per second over a WAN link. What is the most efficient way to do that, if any? Can this be done with traffic shaping or do you have any other way to do that?
 
Thanks
#1


    timwardlaw
    Re: Throttling UDP sessions 2020/09/01 06:44:44
    I've not done this specifically and I don't know if there is a better way of doing this, but in my environment I would create a rule and place it before everything else and begin with a throttle rule to the DNS server or on just DNS traffic. Now, you need to be careful here since you could potentially impact your internal network by doing it as an any rule, so be sure to apply it on the WAN link only.
     
    If this is a huge issue for you, I would suggest doing a packet capture to see what all these requests are that are using up enough bandwidth to cause an issue. Hopefully you can get another response that may better address this.
     
    https://help.fortinet.com...m?Highlight=throttling
    -Tim
    #2
    aagrafi
    Re: Throttling UDP sessions 2020/09/01 13:38:33
    Thanks for the reply.
     
    So, you are proposing to do traffic shaping, which means that we have to do bandwidth throttling. Ideally I would prefer the option of throttling DNS requests per second (something like FortiOS DoS thresholds but in the outbound traffic), but I know this is probably not supported.
     
    To answer your second question, it seems this is an issue for my customer, because the FG is on a cruise ship, where the bandwidth over satellite is an expensive resource. On the other hand, DNS throttling might break the network down. I'm not sure if this is going to work anyway...
    #3
    SanZ
    Re: Throttling UDP sessions 2020/09/02 10:15:08
    I would review this section: 
    https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/278575/limiting-bandwidth-with-traffic-shaping
     
    However, I would definitely be very careful about throttling UDP traffic.
    #4