FortiGate: Basic Traffic Shaping Of YouTube (FortiOS 6.4.0)
HTML-код
- Опубликовано: 8 май 2020
- Embarrassed to say that I had to redo this video. Thanks to my viewers for letting me know the original had a glaring mistake! It's ok, I have hired a fellow engineer for quality control!
This video dives into an organization that only has a 20 meg internet connection. They need to limit youtube to 5 megs or less of their bandwidth so business functions will continue as intended. They don't want to block RUclips because they look at it as a morale booster for their group.
Dive in to the video and learn how to Traffic Shape RUclips on a FortiGate that is running FortiOS 6.4.0
Buy Hardware: bit.ly/2QZVeqh
Get Consulting: bit.ly/36FinSU
My Other Projects:
Office Of The CISO: bit.ly/3HGMH1o
Packet Llama: bit.ly/3SEX3H4
###### SOCIAL LINKS ######
Twitter: bit.ly/2WXiRAv
Facebook: bit.ly/3eigz4D
Instagram: bit.ly/3cZneAz
######################
Great video. Nice to see, you're back with frequent videos.
Wish i would've found your video tutorials years ago. Great content always. Traffic shaping goes next in my organization. I think a better video will be using same policy and suppress the windows updates that are killing our computers and networks these days .
Thank you for another very helpful video.
Good stuff and what I was looking for. i need to build and test this in my lab. If you wanted to do another video with more indepth features that would be appreciated.
Terrific video and explanations.
Best explanation 👌 thank you 😊
Thank you for the video. It really helps a lot. Does Traffic Shaping work on multicast traffic?
Thanks for clear instructions, on spot !!!
You are very welcome
good sharing and explanation👍
This is great, thanks. Can I use traffic shapers to prioritize Microsoft Teams traffic?
I would have really liked to see how the app control security policy was configured. That's the piece of the puzzle that's missing for me - how the traffic shaping policy, and the firewall policy, are linked.
Thanks for this video. Your explanation is very clear. Would really appreciate, if you could make a video for Per-IP , because this is essential for my business. Secondly, please explain, in case we need to modify it, after making it live. One more very important request, is it possible to do this shaping for any device by MAC Address, instead of an IP. because only MAC remains static. Thanks
Thank you for this Video. Can you share the details of RUclips you have created? The URLs or perhaps advise where to get the URL specific for youtube.
Amazing content! Do you think this would work the opposite? For example I want certain applications to have priority. Could I set up a Traffic Shaper with large bandwidth and high priority. And then setup a Traffic Shaping Policy to include the application on all source, destination, and interfaces?
awesome tutorial
nice video on shaping; can you do one on SIP?
I've tried applying this for people watching Twitch on the network but under "traffic shapers" it never shows much bandwidth utilization if any. Which is kinda strange because if I view the bandwidth being used by twitch on the FG its way more. Any ideas?
Great video. IF i wanted to make sure Zoom and Teams were getting good bandwidth would i similarily do it here?
Good One, make a video on SIP ALG as well, I have seen this issue multiple time in the multi Tenent environment cheers
Sounds good
but can you do different shaping on upload/download?
must you need use shared shaper to make the policy work ?
Any particular setting on fortinet that limit the TCP traffic? TCP traffic speed over fortinet is very less whereas UDP is faster. Any specific setting i should looked at?
Hi, i have a question that maybe you can help me, i realize that when creating a traffic shapping policy i can only put address as source and destination, most of the time i create my IPV4 policy from a vlan to wan with ALL as source (because is already segmented with the vlan), my question is, would my traffic shapper work if i created it with a vlan range address or should i create both (IPv4 policy and Traffic Shapping policy) with the same source?
Could you please have a shot on "traffic shaping profile"
Hello there, I would like to apply the shared traffic shaper to device groups that I have created but I can not figure it out. I have applied per ip shaping to the group, but also I want all device in that group to not use more than a certain bandwith, please kindly assist.
Thanks 👍
Can we do traffic shaping for patches going thru isp1 and isp2 for reverse traffic?
Nice, it help me thanks
hello.
is possibile to shaping any website or just what is listed on applications list?
Hello sir, is there any way to exclude local network from traffic shaping policy like Mikrotik Queues. i have two fortigate. one is in main office and another one is in resident. i just share the internet from main office to residence . if i access our local file servers of Main office, it works only as per traffic shaping. i want to give limited speed for internet and unlimited speed for accessing local network file servers.
Hi, I wonder if you can guide. I have Ubuntu with WMware workstation 15 player and wanted to install Fortinet VM, but the only file I see after down load is fotios.qcow2. Do not know how to install from this one. Can you help please.
Hey! I know this might sound weird, but I believe that my college dorm's internet has used traffic shaping to slow down netflix. Now the weird part, is that it is the only site that has been throttled down, prime, hulu and hotstar all seem to work fine. It has been throttled down so much that netflix loads in basic html. Is there a bypass to this, the technical coordinator says that no such thing has happened so this isn't illegal if I manage to bypass it.
Thanks for this video. Question, to make priority, garantee and max bandwith to work on lan to wan interface. Is the inbandwidth / outbandwidth mandatory on this wan interface? Regards
You are configuring based on utilization seen on the gate. Not percentages or anything like that so you don't necessarily have to use the bandwidth parameters on the interface itself. Though having them completed is beneficial in general to having a tidy config.
can you please help me with Slow download speed on Fortigate 50E?
So If I want to limit a vlan to say, 300mbps in total, but I also want to limit an application to 100mbps and a second application to 100mbps that is doable? I'd have to create 3 shapers for the one vlan correct? One for 300mpbs for the entire vlan, one for application 1 at 100mbps and one for application 2 at 100mbps?
Hi. Thanks for the upload.
I've tried running this but not getting any standard results with youtube via browser. Only ever got it to work a couple od times and that was just random. From what Fortigate support has told us, we need to enable deep SSL inspection and have SSL certs installed on devices.
Running DPI gives you significantly more control and visibility. It will prevent some upload / viewing traffic as being displayed as HTTPS only meaning you have more control over what is throttled etc.
How to check if the policy already work or no ?
hello friend can you make a video of how to configure traffic shaping in a VPN SITE to SITE
Is it possible with Fortigate, let say i have 10MB, i want to reserve or guarantee 60% of the total BW to Office365 and 40% for the rest of bulk traffic ?
Hello sir please how can I limit my students to education channel on RUclips and block all social media on students accounts??
Could you please tell what is traffic shape profile used for ?
He did... at the beginning of the video ad nauseum
Traffic shaping comes into action when traffic reach a particular threshold. Where that threshold has been defined?
You set the bandwidth throughput capabilities of the interface on the interface itself. Then, you set the traffic shaping priority, minimum (or maximum) throughput allowed on the traffic shaper itself. From there, you define the policy to which you want the shaper applied.
I have been tasked to trying to limit wireless bandwidth usage so that wireless cameras have priority... can you give me somewhat of a direction to go in?
Thanks
let me know more details of your setup and I will see what I can do. You can use my contact form @ FortinetGURU.COM
@@FortinetGuru Thank you... we are going with UniFi access points... it appears that they can handle the throttling on their own.
@Fortinet Guru
Today I got one "attack" on the firewall with over 100K UDP connections from one IP. I killed them all and now its fine. Is there any way to use per IP traffic shaping to limit the amount of connections per IP? I had a look already and im not quite sure how to make a correct configuration for connections comming in, not going out.
Thank you as always!
You probably want a DOS policy to help mitigate that.
@@FortinetGuru Thank you for your answer! I'll activate that feature and take a look at it, thanks !
i want to give max bandwidth to rdp , As our users are facing frequent disconnection while using SAP server application. please refer me some solution
Going to depend heavily on the amount of utilization you are receiving across the circuit. You can do shared shapers or more to help mitigate this issue.
I think it will not work without ssl decrypt.
how to strengthen the Whatsapp video call in Fortigate?
Can you please do ipsec vpn failover vpn video for us.,.
Sure
👍
Had to fix it after I made that glaring oversight!
@@FortinetGuru Glad it wasn't me. LOL. Hey, where is MONITOR in 6.4?
NVM, Found it. New Dashboard, just had to Drill down to details. ugh!