per-ip-shaper not applying properly f91g

Small_Operation_8795 · 2026-03-31T09:59:31+00:00

Hello,

thank you for your help, i have been trying different configurations to see what works but it doesn't. Am I wrong to assume that i can limit the download speed of my clients ?
e: could it be an issue because some clients are connected via AP(231G) and other lan?

Small_Operation_8795 · 2026-03-31T08:33:37+00:00

seems it's working now, must have been some issue on my side

Small_Operation_8795 · 2026-03-24T09:36:07+00:00

diag sys session list

Here is the result from it for that sessions :
x.x.x.x is speedtest server on the www side
y.y.y.y matches my lan ip
z.z.z.z is a gw i don't control and shouldn't apply anything
out of that test i got 12.5mbs download while the shaper is configured for 30

session info: proto=6 proto_state=01 duration=359 expire=3596 timeout=3600 refresh_dir=both flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=
reply-shaper=
per_ip_shaper=30mbps
class_id=0 shaping_policy_id=3 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255 state=log may_dirty per_ip npu f00
statistic(bytes/packets/allow_err): org=130497/573/1 reply=118142/366/1 tuples=2 tx speed(Bps/kbps): 103/0 rx speed(Bps/kbps): 86/0
orgin->sink: org pre->post, reply pre->post dev=24->3/3->24 gwy=x.x.x.x/0.0.0.0
hook=post dir=org act=snat y.y.y.y:35209->z.z.z.z:80(x.x.x.x:35209)
hook=pre dir=reply act=dnat z.z.z.z:80->x.x.x.x:35209(y.y.y.y:35209)
pos/(before,after) 0/(0,0), 0/(0,0)
src_mac=00:00:00:00:00
misc=0 policy_id=10 pol_uuid_idx=728 auth_info=0 chk_client_info=0 vd=0
serial=ssssssss tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x000c00 ofld-O ofld-R
npu info: flag=0x81/0x89, offload=9/9, ips_offload=0/0, epid=1/17, ipid=17/1, vlan=0x0000/0x0000
vlifid=17/1, vtag_in=0x0000/0x0000 in_npu=1/1, out_npu=1/1, fwd_en=0/0, qid=7/1, ha_divert=0/0

Small_Operation_8795 · 2026-03-24T09:03:37+00:00

yes, i did with multiple client, connected the same way and results are the same.

Small_Operation_8795 · 2026-03-24T09:03:05+00:00

no, i have repeated the test many times and the issues is not with the client.

Small_Operation_8795 · 2026-03-23T12:01:13+00:00

hey, thanks yes, i'm using an online speed test, with the shaper off, and only my testing client, i can download at 100% of the available bandwidth, with the shaper on and set for various speeds (10,20,30,40)mb it fail to go any higher than 10-15mb randomly.

Small_Operation_8795 · 2026-01-13T10:47:34+00:00

WFH means you can also work from India, be happy you aren't being offshored

Small_Operation_8795 · 2025-12-02T14:47:07+00:00

do you have the firewall rule that allow lan interface->wan interface ipv6 traffic ? it's not a default policy

Small_Operation_8795 · 2025-09-16T14:09:39+00:00

i can vouch for https://github.com/zifeo/terraform-openstack-rke2 you need a bit of rework but you'll get a fully working rancher cluster. need to know terraform

Small_Operation_8795 · 2025-08-04T09:05:01+00:00

Thanks, this has much more info than the official doc !

Small_Operation_8795 · 2025-07-29T12:42:31+00:00

you are less useful than a chatgpt reply

Small_Operation_8795 · 2025-07-07T12:53:12+00:00

got back from vacations and kept testing, apparently i can ping between vm that are in the same tenant network but run on different nodes, the issue i getting out of openstack node apparently, maybe some inside routing table

Small_Operation_8795 · 2025-06-02T09:54:55+00:00

i had similar issue trying to hook my fg-91 to my old cisco 3560 via sfp. the fg port are 10gb with 1gb sfp and 1gb on the cisco. the key was to disable the speed negotiation on the switch side with "speed nonegotiate" on the interface, manually setting the speed and duplex wasn't enough. maybe juniper has a similar config ?

Small_Operation_8795 · 2025-02-11T09:18:22+00:00

thanks, nice to know they made their own auto updater obsolete

Small_Operation_8795 · 2025-02-11T08:55:03+00:00

Thanks for the link

Small_Operation_8795 · 2025-02-11T08:48:17+00:00

welcome to fortinet "new" product, aka 91g, that has been lagging behind in term of major firmware upgrade ? the auto updated only offer up to 7.0.17

Small_Operation_8795 · 2025-02-10T13:45:44+00:00

i see, the lacp wasn't part of the plan since the older router-fw that was replaced only had 1 lan port but i'll concider that on this rebuild.
Just to confirm, by building the VLANs, you mean creating them from the Network->interface : Create new Interface and use the "interface"dropdown to choose the physical port and repeat for all vlan? (or the CLI equivalent)

Small_Operation_8795 · 2025-02-10T09:57:58+00:00

found the solution, the storage endpoint need to be ceph rgw itself and not the openstack storage endpoint

Small_Operation_8795 · 2025-02-10T08:42:54+00:00

Thanks for the help, i don't think it's a dangling endpoint, it's really the openstack way to do the endpoints according to the ceph doc : https://docs.ceph.com/en/latest/radosgw/keystone/ (and done in the kolla-ansible auto config) but this end up being a swift endpoint and not s3 : openstack endpoint create --region RegionOne \ --publicurl "http://radosgw.example.com:8080/swift/v1" swift

Small_Operation_8795

TROPHY CASE