Fortinet black logo

CLI Reference

firewall shaping-policy

Configure shaping policies.

  config firewall shaping-policy
      Description: Configure shaping policies.
      edit <id>
          set name {string}
          set comment {var-string}
          set status [enable|disable]
          set ip-version [4|6]
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set srcaddr6 <name1>, <name2>, ...
          set dstaddr6 <name1>, <name2>, ...
          set internet-service [enable|disable]
          set internet-service-name <name1>, <name2>, ...
          set internet-service-group <name1>, <name2>, ...
          set internet-service-custom <name1>, <name2>, ...
          set internet-service-custom-group <name1>, <name2>, ...
          set internet-service-src [enable|disable]
          set internet-service-src-name <name1>, <name2>, ...
          set internet-service-src-group <name1>, <name2>, ...
          set internet-service-src-custom <name1>, <name2>, ...
          set internet-service-src-custom-group <name1>, <name2>, ...
          set service <name1>, <name2>, ...
          set schedule {string}
          set users <name1>, <name2>, ...
          set groups <name1>, <name2>, ...
          set application <id1>, <id2>, ...
          set app-category <id1>, <id2>, ...
          set app-group <name1>, <name2>, ...
          set url-category <id1>, <id2>, ...
          set srcintf <name1>, <name2>, ...
          set dstintf <name1>, <name2>, ...
          set tos {user}
          set tos-mask {user}
          set tos-negate [enable|disable]
          set traffic-shaper {string}
          set traffic-shaper-reverse {string}
          set per-ip-shaper {string}
          set class-id {integer}
          set diffserv-forward [enable|disable]
          set diffserv-reverse [enable|disable]
          set diffservcode-forward {user}
          set diffservcode-rev {user}
      next
  end

config firewall shaping-policy

Parameter Name Description Type Size
name Shaping policy name. string Maximum length: 35
comment Comments. var-string Maximum length: 255
status Enable/disable this traffic shaping policy.
enable: Enable traffic shaping policy.
disable: Disable traffic shaping policy.
option -
ip-version Apply this traffic shaping policy to IPv4 or IPv6 traffic.
4: Use IPv4 addressing for Configuration Method.
6: Use IPv6 addressing for Configuration Method.
option -
srcaddr <name> IPv4 source address and address group names.
Address name.
string Maximum length: 79
dstaddr <name> IPv4 destination address and address group names.
Address name.
string Maximum length: 79
srcaddr6 <name> IPv6 source address and address group names.
Address name.
string Maximum length: 79
dstaddr6 <name> IPv6 destination address and address group names.
Address name.
string Maximum length: 79
internet-service Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
enable: Enable use of Internet Service in shaping-policy.
disable: Disable use of Internet Service in shaping-policy.
option -
internet-service-name <name> Internet Service ID.
Internet Service name.
string Maximum length: 79
internet-service-group <name> Internet Service group name.
Internet Service group name.
string Maximum length: 79
internet-service-custom <name> Custom Internet Service name.
Custom Internet Service name.
string Maximum length: 79
internet-service-custom-group <name> Custom Internet Service group name.
Custom Internet Service group name.
string Maximum length: 79
internet-service-src Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
enable: Enable use of Internet Service source in shaping-policy.
disable: Disable use of Internet Service source in shaping-policy.
option -
internet-service-src-name <name> Internet Service source name.
Internet Service name.
string Maximum length: 79
internet-service-src-group <name> Internet Service source group name.
Internet Service group name.
string Maximum length: 79
internet-service-src-custom <name> Custom Internet Service source name.
Custom Internet Service name.
string Maximum length: 79
internet-service-src-custom-group <name> Custom Internet Service source group name.
Custom Internet Service group name.
string Maximum length: 79
service <name> Service and service group names.
Service name.
string Maximum length: 79
schedule Schedule name. string Maximum length: 35
users <name> Apply this traffic shaping policy to individual users that have authenticated with the FortiGate.
User name.
string Maximum length: 79
groups <name> Apply this traffic shaping policy to user groups that have authenticated with the FortiGate.
Group name.
string Maximum length: 79
application <id> IDs of one or more applications that this shaper applies application control traffic shaping to.
Application IDs.
integer Minimum value: 0 Maximum value: 4294967295
app-category <id> IDs of one or more application categories that this shaper applies application control traffic shaping to.
Category IDs.
integer Minimum value: 0 Maximum value: 4294967295
app-group <name> One or more application group names.
Application group name.
string Maximum length: 79
url-category <id> IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to.
URL category ID.
integer Minimum value: 0 Maximum value: 4294967295
srcintf <name> One or more incoming (ingress) interfaces.
Interface name.
string Maximum length: 79
dstintf <name> One or more outgoing (egress) interfaces.
Interface name.
string Maximum length: 79
tos ToS (Type of Service) value used for comparison. user Not Specified
tos-mask Non-zero bit positions are used for comparison while zero bit positions are ignored. user Not Specified
tos-negate Enable negated TOS match.
enable: Enable TOS match negate.
disable: Disable TOS match negate.
option -
traffic-shaper Traffic shaper to apply to traffic forwarded by the firewall policy. string Maximum length: 35
traffic-shaper-reverse Traffic shaper to apply to response traffic received by the firewall policy. string Maximum length: 35
per-ip-shaper Per-IP traffic shaper to apply with this policy. string Maximum length: 35
class-id Traffic class ID. integer Minimum value: 0 Maximum value: 4294967295
diffserv-forward Enable to change packet's DiffServ values to the specified diffservcode-forward value.
enable: Enable setting forward (original) traffic DiffServ.
disable: Disable setting forward (original) traffic DiffServ.
option -
diffserv-reverse Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
enable: Enable setting reverse (reply) traffic DiffServ.
disable: Disable setting reverse (reply) traffic DiffServ.
option -
diffservcode-forward Change packet's DiffServ to this value. user Not Specified
diffservcode-rev Change packet's reverse (reply) DiffServ to this value. user Not Specified

Configure shaping policies.

  config firewall shaping-policy
      Description: Configure shaping policies.
      edit <id>
          set name {string}
          set comment {var-string}
          set status [enable|disable]
          set ip-version [4|6]
          set srcaddr <name1>, <name2>, ...
          set dstaddr <name1>, <name2>, ...
          set srcaddr6 <name1>, <name2>, ...
          set dstaddr6 <name1>, <name2>, ...
          set internet-service [enable|disable]
          set internet-service-name <name1>, <name2>, ...
          set internet-service-group <name1>, <name2>, ...
          set internet-service-custom <name1>, <name2>, ...
          set internet-service-custom-group <name1>, <name2>, ...
          set internet-service-src [enable|disable]
          set internet-service-src-name <name1>, <name2>, ...
          set internet-service-src-group <name1>, <name2>, ...
          set internet-service-src-custom <name1>, <name2>, ...
          set internet-service-src-custom-group <name1>, <name2>, ...
          set service <name1>, <name2>, ...
          set schedule {string}
          set users <name1>, <name2>, ...
          set groups <name1>, <name2>, ...
          set application <id1>, <id2>, ...
          set app-category <id1>, <id2>, ...
          set app-group <name1>, <name2>, ...
          set url-category <id1>, <id2>, ...
          set srcintf <name1>, <name2>, ...
          set dstintf <name1>, <name2>, ...
          set tos {user}
          set tos-mask {user}
          set tos-negate [enable|disable]
          set traffic-shaper {string}
          set traffic-shaper-reverse {string}
          set per-ip-shaper {string}
          set class-id {integer}
          set diffserv-forward [enable|disable]
          set diffserv-reverse [enable|disable]
          set diffservcode-forward {user}
          set diffservcode-rev {user}
      next
  end

config firewall shaping-policy

Parameter Name Description Type Size
name Shaping policy name. string Maximum length: 35
comment Comments. var-string Maximum length: 255
status Enable/disable this traffic shaping policy.
enable: Enable traffic shaping policy.
disable: Disable traffic shaping policy.
option -
ip-version Apply this traffic shaping policy to IPv4 or IPv6 traffic.
4: Use IPv4 addressing for Configuration Method.
6: Use IPv6 addressing for Configuration Method.
option -
srcaddr <name> IPv4 source address and address group names.
Address name.
string Maximum length: 79
dstaddr <name> IPv4 destination address and address group names.
Address name.
string Maximum length: 79
srcaddr6 <name> IPv6 source address and address group names.
Address name.
string Maximum length: 79
dstaddr6 <name> IPv6 destination address and address group names.
Address name.
string Maximum length: 79
internet-service Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.
enable: Enable use of Internet Service in shaping-policy.
disable: Disable use of Internet Service in shaping-policy.
option -
internet-service-name <name> Internet Service ID.
Internet Service name.
string Maximum length: 79
internet-service-group <name> Internet Service group name.
Internet Service group name.
string Maximum length: 79
internet-service-custom <name> Custom Internet Service name.
Custom Internet Service name.
string Maximum length: 79
internet-service-custom-group <name> Custom Internet Service group name.
Custom Internet Service group name.
string Maximum length: 79
internet-service-src Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.
enable: Enable use of Internet Service source in shaping-policy.
disable: Disable use of Internet Service source in shaping-policy.
option -
internet-service-src-name <name> Internet Service source name.
Internet Service name.
string Maximum length: 79
internet-service-src-group <name> Internet Service source group name.
Internet Service group name.
string Maximum length: 79
internet-service-src-custom <name> Custom Internet Service source name.
Custom Internet Service name.
string Maximum length: 79
internet-service-src-custom-group <name> Custom Internet Service source group name.
Custom Internet Service group name.
string Maximum length: 79
service <name> Service and service group names.
Service name.
string Maximum length: 79
schedule Schedule name. string Maximum length: 35
users <name> Apply this traffic shaping policy to individual users that have authenticated with the FortiGate.
User name.
string Maximum length: 79
groups <name> Apply this traffic shaping policy to user groups that have authenticated with the FortiGate.
Group name.
string Maximum length: 79
application <id> IDs of one or more applications that this shaper applies application control traffic shaping to.
Application IDs.
integer Minimum value: 0 Maximum value: 4294967295
app-category <id> IDs of one or more application categories that this shaper applies application control traffic shaping to.
Category IDs.
integer Minimum value: 0 Maximum value: 4294967295
app-group <name> One or more application group names.
Application group name.
string Maximum length: 79
url-category <id> IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to.
URL category ID.
integer Minimum value: 0 Maximum value: 4294967295
srcintf <name> One or more incoming (ingress) interfaces.
Interface name.
string Maximum length: 79
dstintf <name> One or more outgoing (egress) interfaces.
Interface name.
string Maximum length: 79
tos ToS (Type of Service) value used for comparison. user Not Specified
tos-mask Non-zero bit positions are used for comparison while zero bit positions are ignored. user Not Specified
tos-negate Enable negated TOS match.
enable: Enable TOS match negate.
disable: Disable TOS match negate.
option -
traffic-shaper Traffic shaper to apply to traffic forwarded by the firewall policy. string Maximum length: 35
traffic-shaper-reverse Traffic shaper to apply to response traffic received by the firewall policy. string Maximum length: 35
per-ip-shaper Per-IP traffic shaper to apply with this policy. string Maximum length: 35
class-id Traffic class ID. integer Minimum value: 0 Maximum value: 4294967295
diffserv-forward Enable to change packet's DiffServ values to the specified diffservcode-forward value.
enable: Enable setting forward (original) traffic DiffServ.
disable: Disable setting forward (original) traffic DiffServ.
option -
diffserv-reverse Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.
enable: Enable setting reverse (reply) traffic DiffServ.
disable: Disable setting reverse (reply) traffic DiffServ.
option -
diffservcode-forward Change packet's DiffServ to this value. user Not Specified
diffservcode-rev Change packet's reverse (reply) DiffServ to this value. user Not Specified