Firewall
Policy
FortiGate-60M Administration Guide
01-28007-0144-20041217
In most cases you should make sure that users can use DNS through the firewall
without authentication. If DNS is not available, users cannot connect to a web, FTP, or
Telnet server using a domain name.
Traffic Shaping
Traffic Shaping controls the bandwidth available to and sets the priority of the traffic
processed by the policy. Traffic Shaping makes it possible to control which policies
have the highest priority when large amounts of data are moving through the
FortiGate device. For example, the policy for the corporate web server might be given
higher priority than the policies for most employees’ computers. An employee who
needs unusually high-speed Internet access could have a special outgoing policy set
up with higher bandwidth.
If you set both guaranteed bandwidth and maximum bandwidth to 0 (zero), the policy
does not allow any traffic.
Differentiated Services
Differentiated Services (DiffServ) describes a set of end-to-end Quality of Service
(QoS) capabilities. End-to-end QoS is the ability of a network to deliver the service
required by specific network traffic from one end of the network to another. By
configuring DiffServ you configure your network to deliver particular levels of service
for different packets based on the QoS specified by each packet.
DiffServ is defined by RFC 2474 and 2475 as enhancements to IP networking to
enable scalable service discrimination in the IP network without the need for per-flow
state and signalling at every hop. DiffServ-capable routers sort IP traffic into classes
by inspecting the DS field in the IPv4 header or the Traffic Class field in the IPv6 header.
You can use the FortiGate DiffServ feature to change the DSCP (Differentiated
Services Code Point) value for all packets accepted by a policy. The network uses
these DSCP values to classify, mark, shape, and police traffic, and to perform
intelligent queuing. DSCP features are applied to traffic by configuring the routers on
your network to apply different service levels to packets depending on
the DSCP value of the packets that they are routing.
You can configure policies to apply DS values for both forward and reverse traffic.
These values are optional and may be enabled independently from each other. When
both are disabled, no changes to the DS field are made.
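Added example, not taken from the guide or from FortiGate code: a header-level view of what changing the DSCP value means. It reads the DS field from an IPv4 or IPv6 header and rewrites the DSCP of an IPv4 packet, recomputing the header checksum. The function names and the sample headers are constructed for illustration, and keeping the two ECN bits unchanged is an assumption of this sketch; passing None models a disabled DS setting.

```python
from __future__ import annotations
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header; returns 0 if already valid."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def read_ds(packet: bytes) -> tuple[int, int]:
    """Return (dscp, ecn) from the start of an IPv4 or IPv6 header."""
    version = packet[0] >> 4
    if version == 4:
        ds = packet[1]                      # second octet is the DS field
    elif version == 6:
        # Traffic Class straddles the first two octets of the IPv6 header
        ds = ((packet[0] & 0x0F) << 4) | (packet[1] >> 4)
    else:
        raise ValueError(f"not an IP header (version {version})")
    return ds >> 2, ds & 0x03

def remark_ipv4(packet: bytes, dscp: int | None) -> bytes:
    """Set the DSCP of an IPv4 packet; None leaves the DS field untouched."""
    if dscp is None:
        return packet
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP is a 6-bit value (0-63)")
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    hdr = bytearray(packet[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)  # assumption: ECN bits are preserved
    hdr[10:12] = b"\x00\x00"                # zero the checksum before recomputing
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]

def build_sample_v4() -> bytes:
    """Constructed 20-byte IPv4 header: DSCP 0, ECN 1, documentation addresses."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0x01, 20, 0x1C46, 0x4000,
                                64, 6, 0, bytes([192, 0, 2, 1]),
                                bytes([198, 51, 100, 7])))
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr)

SAMPLE_V4 = build_sample_v4()
SAMPLE_V6 = bytes.fromhex("6b800000")       # constructed: IPv6, Traffic Class 0xB8

if __name__ == "__main__":
    print("before:", read_ds(SAMPLE_V4), "after:", read_ds(remark_ipv4(SAMPLE_V4, 46)))
    print("ipv6  :", read_ds(SAMPLE_V6))
```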
Guaranteed Bandwidth
You can use traffic shaping to guarantee the amount of bandwidth available
through the firewall for a policy. Guarantee bandwidth (in Kbytes) to make
sure that there is enough bandwidth available for a high-priority service.
Maximum Bandwidth
You can also use traffic shaping to limit the amount of bandwidth available
through the firewall for a policy. Limit bandwidth to keep less important
services from using bandwidth needed for more important services.
Traffic Priority
Select High, Medium, or Low. Select Traffic Priority so that the FortiGate unit
manages the relative priorities of different types of traffic. For example, a
policy for connecting to a secure web server needed to support e-commerce
traffic should be assigned a high traffic priority. Less important services
should be assigned a low priority. The firewall provides bandwidth to
low-priority connections only when bandwidth is not needed for high-priority
connections.