Time
1 hour 35 minutes
Difficulty
Beginner

Video Description

In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network, and enforce your security policies. You will create a remote worker named Jack. When Jack works at home, or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel provides an encrypted communication path for Jack to connect to internal network connections and protected Internet access. Visit Fortinet's documentation library at http://docs.fortinet.com

Video Transcription

00:00
In this video, you will learn how to configure priority voice over I p traffic shaming with your 48
00:07
you'll give void communications. Ah, high traffic priority with the guaranteed bandwidth to ensure quality of service
00:15
to achieve high quality riel time voice transmissions. Avoid traffic requires priority over all other types of traffic, minimal packet loss and jitter buffers. You'll use a traffic shaper to limit bandwith. Consuming service is like FTP
00:31
and another shaper to provide a consistent bandits for day to day e mail, web and other traffic.
00:38
First, you will customize three existing traffic shapers, high priority, medium priority and low priority, and then create a separate security policy for each service type.
00:55
Go to system config
00:58
features and click the show more button to view additional features,
01:03
if necessary, enabled traffic shaping and void.
01:08
Apply your changes,
01:15
then go to policy and objects,
01:19
objects,
01:19
traffic shapers and edit the high priority traffic shaper to customize it. For VoIP traffic
01:26
set type two shared.
01:30
Apply the shaper per policies so that you will have the same distribution of bandwidth regardless of the number of policies using the shaper. Set traffic priority too high.
01:41
Set. Max bandwith to 1000 and guaranteed bend with 2 800
01:56
Edit the low priority traffic shaper to customize it For FTP traffic
02:00
set type two shared. Apply the shaper toe all policies using this shaper.
02:07
This ensures that all policies using your shaper will be restricted to share a set amount of bandwidth.
02:13
Set traffic priority too low,
02:16
set max bandwidth and guaranteed bandwidth to 200.
02:23
Setting a low maximum bandwidth will prevent sudden spikes in traffic caused by large FTP file uploads and downloads.
02:38
Edit the medium priority traffic shaper to customize a shaper for regular daily traffic
02:45
set type to share. This shaper should be set to Purple ISI so that day to day traffic has the same distribution of Randwick.
02:53
Leave the profit priority at medium,
02:57
said the Max Band. With and guaranteed bandwidth to a moderate value.
03:09
Go to policy and objects policy. I pee before and create a new security policy. For sip traffic,
03:17
set your incoming interface to your local land.
03:22
Set outgoing interface to your Internet facing interface,
03:28
set service to sit,
03:32
enable voice and select the default.
03:37
Then enable shared shaper and select high priority.
03:43
Make sure that you include a reverse shaper so that return traffic for a VoIP call has the same guaranteed bandwith as an outgoing call
03:51
for logging options. Select all sessions,
03:59
then create a security policy for FTP traffic.
04:03
Configure your basic settings again,
04:06
but set the service to FTP this time.
04:13
Enable shared shaper and select low priority.
04:17
Also enabled the reverse shaper
04:21
for logging options. Select all sessions.
04:28
Next, edit your security policy for daily Web based email and other traffic.
04:35
Enable shared shaper and select medium priority.
04:41
Also enabled the reverse shaper
04:44
for logging options. Select all sessions.
04:49
Make sure to arrange your policies in the correct order.
04:54
Move the sip and FTP policies above the general security policy for daily traffic.
05:09
Browse the Internet using a PC on your internal network to generate daily Web traffic,
05:18
then generate FTP traffic.
05:25
Finally generates sip traffic,
05:28
go to policy and objects, monitor
05:31
traffic shaper, monitor and report. By the current bandwidth,
05:38
you can see how much of your current bandwidth is being used by active traffic shapers.
05:44
If the standard traffic William was high enough, it will top out at the maximum bandwidth defined by each shaper.
05:50
If your traffic shaping configuration is working the voice quality of your voice calls should not be affected by daily traffic variations or by FDP downloads.
06:03
Thank you for watching. If you need further details, you can visit docks dot ford net dot com toe access are complete Documentation library.
06:13
Also check out our new cookbook site at cookbook dot ford net dot com for more video tutorials.

Up Next