The quality of VoIP phone calls through a firewall often suffers when the firewall is busy and the bandwidth available for the VoIP traffic fluctuates. This can be irritating, leading to unpredictable results and caller frustration. This recipe describes how to add traffic shaping to your FortiGate to guarantee that enough bandwidth is available for VoIP traffic, regardless of any other activity on the network.
To achieve high-quality real-time voice transmissions, VoIP traffic requires priority over other types of traffic, minimal packet loss, and jitter buffers. You will limit bandwidth consuming services, like FTP, while providing a consistent bandwidth for day-to-day email and web-based traffic. First, you will customize three existing traffic shaper profiles—high priority, medium priority, and low priority—and then create a separate traffic shaping policy for each service type.
5.2 | 5.6
1. Enabling Traffic Shaping and VoIP features |
|
|
Go to System > Feature Select and enable both Traffic Shaping and VoIP. Apply your changes. |
 |
2. Creating a high priority VoIP traffic shaper |
|
|
Go to Policy & Objects > Traffic Shapers and edit the default high-priority traffic shaper. Set Type to Shared. Set Apply shaper to Per Policy. Set Traffic Priority to High. Select Max Bandwidth and enter |
 |
3. Creating a low priority FTP traffic shaper |
|
|
Go to Policy & Objects > Traffic Shapers and edit the default low-priority traffic shaper. Set Type to Shared. Set Apply shaper to All policies using this shaper. Set Traffic Priority to Low. Set Max Bandwidth and Guaranteed Bandwidth to |
 |
4. Creating a medium priority daily traffic shaper |
|
|
Go to Policy & Objects > Traffic Shapers and edit the default medium-priority traffic shaper. Set Type to Shared. Set Apply shaper to Per Policy. Select Max Bandwidth and enter |
 |
5. Adding a VoIP security profile to your Internet access policy |
|
|
Go to Policy & Objects > IPv4 Policy and edit your Internet access policy. Under Security Profiles enable VoIP and change the logging options to All Sessions to test the results later. Note your Source, Destination and Outgoing Interface for Step 6. |
|
6. Creating three traffic shaping policies |
|
|
Go to Policy & Objects > Traffic Shaping Policy and create a new high-priority traffic shaping policy for SIP traffic. Set the Matching Criteria to the same settings as the Internet access policy you would like to apply traffic shaping to. Enable Shared Shaper and Reverse Shaper and select high-priority. |
|
| Follow the same process, to create a new low-priority traffic shaping policy for FTP traffic. Set Service to FTP and Shared Shaper and Reverse Shaper to low-priority. |  |
| Now create a medium-priority traffic shaping policy for daily traffic. Set Service to ALL and Shared Shaper and Reverse Shaper to medium-priority. |  |
|
|
|
6. Results |
|
|
Browse the Internet using a PC on your internal network to generate daily web traffic. Then, generate FTP traffic. The FTP sessions should occur slowly. |
|
|
Finally, generate SIP traffic. Go to FortiView > Traffic Shaping and look at the three active traffic shapers. |
 |
|
If the standard traffic volume is high enough, it will top out at the maximum bandwidth defined by each shaper. The high-priority VoIP (SIP) policy should show no dropped bytes, but either of the other two policies may show dropped bytes if the set bandwidth is maxed out. You will have normal voice quality on your VoIP call, even with daily traffic and FTP downloads running. |
|
|
Select the graph icon to switch to the bubble graph view, and sort by Bandwidth. Mouse over a shaper to view more details, or double-click to drill down. |
|
For further reading, check out Traffic Shaping in the FortiOS 5.6 Handbook.
The post Traffic shaping for VoIP appeared first on Fortinet Cookbook.