firewall shaping-policy
Use this command to configure policies that are based on traffic shaping.
History
The following table shows all newly added, changed, or removed entries as of FortiOS 6.0.
Command | Description |
---|---|
set internet-service {enable | disable} set internet-service-id <service-id> set internet-service-custom <service-name> set internet-service-src {enable | disable} set internet-service-src-id <source-id> set internet-service-src-custom <source-name> |
The Internet Service Database (ISDB) and IP Reputation Database (IRDB) enhances traffic shaping criteria for traffic shaping policies. To use Internet services in a traffic shaping policy, you must set the source and destination to one of the Internet services. For all related commands to be available, both |
config firewall shaping-policy edit {id} # Configure shaping policies. set id {integer} Shaping policy ID. range[0-4294967295] set comment {string} Comments. size[255] set status {enable | disable} Enable/disable this traffic shaping policy. set ip-version {4 | 6} Apply this traffic shaping policy to IPv4 or IPv6 traffic. 4 Use IPv4 addressing for Configuration Method. 6 Use IPv6 addressing for Configuration Method. config srcaddr edit {name} # IPv4 source address and address group names. set name {string} Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name next config dstaddr edit {name} # IPv4 destination address and address group names. set name {string} Address name. size[64] - datasource(s): firewall.address.name,firewall.addrgrp.name next config srcaddr6 edit {name} # IPv6 source address and address group names. set name {string} Address name. size[64] - datasource(s): firewall.address6.name,firewall.addrgrp6.name next config dstaddr6 edit {name} # IPv6 destination address and address group names. set name {string} Address name. size[64] - datasource(s): firewall.address6.name,firewall.addrgrp6.name next set internet-service {enable | disable} Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. config internet-service-id edit {id} # Internet Service ID. set id {integer} Internet Service ID. range[0-4294967295] - datasource(s): firewall.internet-service.id next config internet-service-custom edit {name} # Custom Internet Service name. set name {string} Custom Internet Service name. size[64] - datasource(s): firewall.internet-service-custom.name next set internet-service-src {enable | disable} Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. config internet-service-src-id edit {id} # Internet Service source ID. set id {integer} Internet Service ID. range[0-4294967295] - datasource(s): firewall.internet-service.id next config internet-service-src-custom edit {name} # Custom Internet Service source name. set name {string} Custom Internet Service name. size[64] - datasource(s): firewall.internet-service-custom.name next config service edit {name} # Service and service group names. set name {string} Service name. size[64] - datasource(s): firewall.service.custom.name,firewall.service.group.name next set schedule {string} Schedule name. size[35] - datasource(s): firewall.schedule.onetime.name,firewall.schedule.recurring.name,firewall.schedule.group.name config users edit {name} # Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. set name {string} User name. size[64] - datasource(s): user.local.name next config groups edit {name} # Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. set name {string} Group name. size[64] - datasource(s): user.group.name next config application edit {id} # IDs of one or more applications that this shaper applies application control traffic shaping to. set id {integer} Application IDs. range[0-4294967295] next config app-category edit {id} # IDs of one or more application categories that this shaper applies application control traffic shaping to. set id {integer} Category IDs. range[0-4294967295] next config url-category edit {id} # IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. set id {integer} URL category ID. range[0-4294967295] next config dstintf edit {name} # One or more outgoing (egress) interfaces. set name {string} Interface name. size[64] - datasource(s): system.interface.name,system.zone.name next set traffic-shaper {string} Traffic shaper to apply to traffic forwarded by the firewall policy. size[35] - datasource(s): firewall.shaper.traffic-shaper.name set traffic-shaper-reverse {string} Traffic shaper to apply to response traffic received by the firewall policy. size[35] - datasource(s): firewall.shaper.traffic-shaper.name set per-ip-shaper {string} Per-IP traffic shaper to apply with this policy. size[35] - datasource(s): firewall.shaper.per-ip-shaper.name set class-id {integer} Traffic class ID. range[2-31] next end
Additional information
The following section is for those options that require additional explanation.