Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 6.4.0 Administration Guide
    6.4.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Application groups in policies

    Application groups in policies

    This feature provides an application group command for firewall shaping policies.

    The following CLI command is used:

    config firewall shaping-policy

    edit 1

    set app-group <application group>...

    ......

    next

    end

    Example

    In this example, there are two traffic shaping policies:

    • Policy 1 is for traffic related to cloud applications that has high priority.
    • Policy 2 is for other traffic and has low priority.
    To create the shaping policies using the GUI:
    1. Configure an application group for cloud applications:
      1. Go to Security Profiles > Application Signatures.
      2. Click Create New > Application Group. The New Application Group page opens.

      3. Enter a name for the group, select the type, and then add the group the members.
      4. Click OK.
    2. Create the shaping policy for the high priority cloud application traffic:
      1. Go to Policy & Objects > Traffic Shaping Policy.
      2. Click Create New. The New Shaping Policy page opens.

      3. Configure the shaping policy, selecting the previously created cloud application group, and setting both the Shared shaper and Reverse shaper to high‑priority.
      4. Click OK.
      Note

      At least one firewall policy must have application control enabled for the applications to match any policy traffic.
    3. Create the shaping policy for all other traffic, setting both the Shared shaper and Reverse shaper to low‑priority.

    To create the shaping policies using the CLI:
    1. Configure an application group for cloud applications:
      config application group
    edit "cloud app group"
        set application 27210 36740 35944 24467 33048
    next
end
    2. Create the shaping policies for the high priority cloud application traffic and the other, low priority traffic:
      config firewall shaping-policy
    edit 1
        set name "For Cloud Traffic"
        set service "ALL"
        set app-category 30
        set app-group "cloud app group"
        set dstintf "port1"
        set traffic-shaper "high-priority"
        set traffic-shaper-reverse "high-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
    edit 2
        set name "For Other Traffic"
        set service "ALL"
        set dstintf "port1"
        set traffic-shaper "low-priority"
        set traffic-shaper-reverse "low-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
end
    Previous
    Next

    Related Videos

    sidebar video

    Application Group in Traffic Shaping Policy

    • 2,043 views
    • 5 years ago

    Application groups in policies

    Application groups in policies

    This feature provides an application group command for firewall shaping policies.

    The following CLI command is used:

    config firewall shaping-policy

    edit 1

    set app-group <application group>...

    ......

    next

    end

    Example

    In this example, there are two traffic shaping policies:

    • Policy 1 is for traffic related to cloud applications that has high priority.
    • Policy 2 is for other traffic and has low priority.
    To create the shaping policies using the GUI:
    1. Configure an application group for cloud applications:
      1. Go to Security Profiles > Application Signatures.
      2. Click Create New > Application Group. The New Application Group page opens.

      3. Enter a name for the group, select the type, and then add the group the members.
      4. Click OK.
    2. Create the shaping policy for the high priority cloud application traffic:
      1. Go to Policy & Objects > Traffic Shaping Policy.
      2. Click Create New. The New Shaping Policy page opens.

      3. Configure the shaping policy, selecting the previously created cloud application group, and setting both the Shared shaper and Reverse shaper to high‑priority.
      4. Click OK.
      Note

      At least one firewall policy must have application control enabled for the applications to match any policy traffic.
    3. Create the shaping policy for all other traffic, setting both the Shared shaper and Reverse shaper to low‑priority.

    To create the shaping policies using the CLI:
    1. Configure an application group for cloud applications:
      config application group
    edit "cloud app group"
        set application 27210 36740 35944 24467 33048
    next
end
    2. Create the shaping policies for the high priority cloud application traffic and the other, low priority traffic:
      config firewall shaping-policy
    edit 1
        set name "For Cloud Traffic"
        set service "ALL"
        set app-category 30
        set app-group "cloud app group"
        set dstintf "port1"
        set traffic-shaper "high-priority"
        set traffic-shaper-reverse "high-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
    edit 2
        set name "For Other Traffic"
        set service "ALL"
        set dstintf "port1"
        set traffic-shaper "low-priority"
        set traffic-shaper-reverse "low-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
end
    Previous
    Next