Traffic Shaping

Video Activity

In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network, and enforce your security policies. You will create a remote worker named Jack. When Jack works at home, or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel prov...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network, and enforce your security policies. You will create a remote worker named Jack. When Jack works at home, or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel provides an encrypted communication path for Jack to connect to internal network connections and protected Internet access. Visit Fortinet's documentation library at http://docs.fortinet.com

Video Transcription
00:00
>> In this video, you will learn how to configure
00:00
>> priority voice-over-IP traffic shaping
00:00
>> with your FortiGate.
00:00
>> You will give VoIP communications
00:00
>> a high traffic priority
00:00
>> with a guaranteed bandwidth
00:00
>> to ensure quality of service.
00:00
>> To achieve high-quality real-time voice transmissions,
00:00
VoIP traffic requires priority
00:00
over all other types of traffic,
00:00
minimal packet loss, and jitter buffers.
00:00
You will use a traffic shaper
00:00
>> to limit bandwidth consuming services like FTP
00:00
>> and another shaper to provide a consistent bandwidth
00:00
>> for day-to-day e-mail, web, and other traffic.
00:00
>> First, you will customize
00:00
>> three existing traffic shapers; high priority,
00:00
>> medium priority, and low priority,
00:00
and then create a separate security policy
00:00
for each service type.
00:00
Go to System, Config, Features
00:00
>> and click the Show More button
00:00
>> to view additional features.
00:00
>> If necessary, enable Traffic Shaping and VoIP.
00:00
Apply your changes.
00:00
Then go to Policy and Objects,
00:00
>> Objects, Traffic Shapers,
00:00
>> and edit the high priority traffic shaper
00:00
>> to customize it for VoIP traffic.
00:00
>> Set type to shared.
00:00
>> Apply the shaper per policy
00:00
so that you will have
00:00
>> the same distribution of bandwidth
00:00
>> regardless of the number of policies using the shaper.
00:00
>> Set traffic priority to high,
00:00
set max bandwidth to 1,000
00:00
>> and guaranteed bandwidth to 800.
00:00
>> Edit the low-priority traffic shaper
00:00
to customize it for FTP traffic.
00:00
Set type to shared,
00:00
apply the shaper to all policies using this shaper.
00:00
This ensures that all policies using your shaper
00:00
will be restricted to share a sediment bandwidth.
00:00
Set traffic priority to low.
00:00
Set max bandwidth and guaranteed bandwidth to 200.
00:00
Setting a low maximum bandwidth
00:00
will prevent sudden spikes in traffic
00:00
>> caused by large FTP file uploads and downloads.
00:00
>> Edit the medium priority traffic shaper
00:00
>> to customize the shaper for regular daily traffic.
00:00
>> Set type to shared.
00:00
This shaper should be set to per policy
00:00
>> so that day-to-day traffic
00:00
>> has the same distribution of bandwidth.
00:00
>> Leave the traffic priority at medium,
00:00
set the max bandwidth and guaranteed bandwidth
00:00
>> to a moderate value.
00:00
>> Go to Policy and Objects, Policy, IPV4,
00:00
and create a new security policy for SIP traffic.
00:00
Set your incoming interface to your local lan.
00:00
Set outgoing interface
00:00
>> to your internet facing interface.
00:00
>> Set service to SIP.
00:00
Enable VoIP and select the default.
00:00
Then enable shared shaper and select high priority.
00:00
Make sure that you include a reverse shaper
00:00
>> so that return traffic for a VoIP call
00:00
>> has the same guaranteed bandwidth as an outgoing call.
00:00
>> For logging options, select All Sessions.
00:00
Then create a security policy for FTP traffic.
00:00
Configure your basic settings again,
00:00
but set the service to FTP this time.
00:00
Enable shared shaper and select low priority.
00:00
Also enable the reverse shaper.
00:00
For logging options, select All Sessions.
00:00
Next, edit your security policy
00:00
>> for daily web-based email and other traffic.
00:00
>> Enable shared Shaper and select medium priority.
00:00
Also enable the reverse shaper.
00:00
For logging options, select All Sessions.
00:00
Make sure to arrange your policies
00:00
>> in the correct order.
00:00
>> Move the SIP and FTP policies
00:00
above the general security policy for daily traffic.
00:00
Browse the internet using a PC on your internal network
00:00
>> to generate daily web traffic.
00:00
>> Then generate FTP traffic.
00:00
Finally, generate SIP traffic.
00:00
Go to Policy and Objects, Monitor,
00:00
Traffic Shaper Monitor,
00:00
and report by the current bandwidth.
00:00
You can see how much of your current bandwidth
00:00
>> is being used by active traffic shapers.
00:00
>> If the standard traffic volume is high enough,
00:00
it will top out at the maximum bandwidth
00:00
defined by each shaper.
00:00
If your traffic shaping configuration is working,
00:00
the voice quality of your VoIP calls
00:00
>> should not be affected by daily traffic variations
00:00
>> or by FTP downloads.
00:00
>> Thank you for watching.
00:00
If you need further details,
00:00
you can visit docs.fortinet.com
00:00
to access our complete documentation library.
00:00
Also, check out our new cookbook site
00:00
at cookbook.fortinet.com for more video tutorials.
Up Next