Configure traffic shaping on FortiGate – 51 Security

Faheem

This post records notes related to traffic shaping on FortiGate.

Create a traffic shaper for a specific purpose

  • Create a traffic shaper entry under Policy & Objects -> Traffic Shaping -> Traffic Shapers -> Create New.

[Image: FortiGate traffic shaper (Shaper.png)]

Enable the traffic shaper for an SSL-VPN firewall rule

Basically, we are going to enable the traffic shaper on the SSL-VPN firewall policy rule, which lets us restrict some of the users.

The firewall policy has a traffic shaping option, but it will only appear after a traffic shaper is applied to a firewall policy with the following CLI commands:

config firewall policy
    edit <policy-id>
        set traffic-shaper <shaper-name>
        set traffic-shaper-reverse <shaper-name>
end

Once the above changes are done from the CLI, the same policy will have the option of setting a traffic shaper in the GUI.


NETSEC-FGT # config firewall policy

NETSEC-FGT (policy) # edit 19

NETSEC-FGT (19) # show
config firewall policy
    edit 19
        set name "FortiClient-2-SJC"
        set uuid 1c0c50be-279c-51ef-edd3-5eedaae960c9
        set srcintf "ssl.root"
        set dstintf "NETSEC-2-ATT-SJC"
        set action accept
        set srcaddr "all"
        set dstaddr "NETSEC-2-ATT_remote"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set ippool enable
        set poolname "sslvpn-pool"
        set groups "Distant Customers"
        set traffic-shaper "low-priority"
        set traffic-shaper-reverse "low-priority"
    next
end

NETSEC-FGT (19) # 

After the traffic shaper is active on the policy, the web GUI will look like this:

Checking which traffic shaper is applied

https://commune.Fortine.com/t5/Fortigate/technical-how-u-co-configure-and-check-which-traaffic-shaper-is/ta-p/19885

Sequence

The traffic shaping policy is applied:

# config firewall shaping-policy
    edit 1
        set service "ALL"
        set dstintf "port1"
        set traffic-shaper "shared-1M-pipe"
        set traffic-shaper-reverse "shared-1M-pipe"
        set srcaddr "all"
        set dstaddr "all"
    next
end

A traffic shaper is also configured on the IPv4 policy itself:

# config firewall policy
    edit 3
        set name "Enable the Web"
        set uuid 602779c8-dad4-51e9-f897-36e313f6a3bc
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set fsso disable
        set traffic-shaper "Shared 500 Kbps"
        set traffic-shaper-reverse "Shared 500 Kbps"
        set nat enable
    next
end

Filter to verify

Use the following filters to select the session:

# diagnose sys session filter src 192.168.88.1
# diagnose sys session filter dport 443

Then, to display the session, use the following command:

# diagnose sys session list
session info: proto=6 proto_state=01 duration=79 expire=3596 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=shared-1M-pipe prio=2 guarantee 0Bps max 131072Bps traffic 364Bps drops 520B
reply-shaper=shared-1M-pipe prio=2 guarantee 0Bps max 131072Bps traffic 364Bps drops 198404B

per_ip_shaper=

From the output, the "shared-1M-pipe" shaper is applied, which means this session is being shaped by this shaper.
Lastly, traffic shaping policies take precedence over the traffic shapers configured on the IPv4 policy.
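
An added example (not from the original post or from Fortinet): a small Python parser for saved `diagnose sys session list` output that reports sessions not shaped by the expected shaper. It assumes the shaper lines have the form `origin-shaper=<name> prio=N guarantee NBps max NBps traffic NBps drops NB`; the sample text and the function names `parse_sessions` and `check` are constructed for illustration.

```python
import re

# Constructed sample in the assumed FortiOS layout, using this page's values.
SAMPLE = """\
session info: proto=6 proto_state=01 duration=79 expire=3596 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=shared-1M-pipe prio=2 guarantee 0Bps max 131072Bps traffic 364Bps drops 520B
reply-shaper=shared-1M-pipe prio=2 guarantee 0Bps max 131072Bps traffic 364Bps drops 198404B
per_ip_shaper=
session info: proto=6 proto_state=01 duration=12 expire=3590 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
"""

SHAPER_RE = re.compile(
    r"^(origin|reply)-shaper=(\S+) prio=(\d+) guarantee (\d+)Bps "
    r"max (\d+)Bps traffic (\d+)Bps drops (\d+)B$")

def parse_sessions(text):
    """Return one dict per session with 'origin' and 'reply' shaper info."""
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("session info:"):
            sessions.append({"origin": None, "reply": None})
        m = SHAPER_RE.match(line)
        if m and sessions:
            direction, name, prio, _guar, mx, traffic, drops = m.groups()
            sessions[-1][direction] = {
                "name": name, "prio": int(prio),
                "max_bits_per_s": int(mx) * 8,  # Bps is bytes/s
                "traffic_bits_per_s": int(traffic) * 8,
                "drops_bytes": int(drops),
            }
    return sessions

def check(sessions, expected):
    """List (index, direction, problem) where `expected` is not applied."""
    problems = []
    for i, s in enumerate(sessions):
        for direction in ("origin", "reply"):
            shaper = s[direction]
            if shaper is None:
                problems.append((i, direction, "no shaper"))
            elif shaper["name"] != expected:
                problems.append((i, direction, "shaper " + shaper["name"]))
    return problems

if __name__ == "__main__":
    print(check(parse_sessions(SAMPLE), "shared-1M-pipe"))
```

Checking against the shaper set on the firewall policy instead of the one in the shaping policy shows the precedence described above: the session reports the shaping policy's shaper.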
