config firewall shaping-policy
Configure shaping policies.
config firewall shaping-policy
Description: Configure shaping policies.
edit <id>
set name {string}
set comment {var-string}
set status [enable|disable]
set ip-version [4|6]
set srcaddr <name1>, <name2>, ...
set dstaddr <name1>, <name2>, ...
set srcaddr6 <name1>, <name2>, ...
set dstaddr6 <name1>, <name2>, ...
set internet-service [enable|disable]
set internet-service-name <name1>, <name2>, ...
set internet-service-group <name1>, <name2>, ...
set internet-service-custom <name1>, <name2>, ...
set internet-service-custom-group <name1>, <name2>, ...
set internet-service-src [enable|disable]
set internet-service-src-name <name1>, <name2>, ...
set internet-service-src-group <name1>, <name2>, ...
set internet-service-src-custom <name1>, <name2>, ...
set internet-service-src-custom-group <name1>, <name2>, ...
set service <name1>, <name2>, ...
set schedule {string}
set users <name1>, <name2>, ...
set groups <name1>, <name2>, ...
set application <id1>, <id2>, ...
set app-category <id1>, <id2>, ...
set app-group <name1>, <name2>, ...
set url-category <id1>, <id2>, ...
set srcintf <name1>, <name2>, ...
set dstintf <name1>, <name2>, ...
set tos {user}
set tos-mask {user}
set tos-negate [enable|disable]
set traffic-shaper {string}
set traffic-shaper-reverse {string}
set per-ip-shaper {string}
set class-id {integer}
set diffserv-forward [enable|disable]
set diffserv-reverse [enable|disable]
set diffservcode-forward {user}
set diffservcode-rev {user}
next
end
config firewall shaping-policy
Parameter name |
Description |
Type |
Size |
||||||
---|---|---|---|---|---|---|---|---|---|
name |
Shaping policy name. |
string |
Maximum length: 35 |
||||||
comment |
Comments. |
var-string |
Maximum length: 255 |
||||||
status |
Enable/disable this traffic shaping policy. |
option |
- |
||||||
|
|
||||||||
ip-version |
Apply this traffic shaping policy to IPv4 or IPv6 traffic. |
option |
- |
||||||
|
|
||||||||
srcaddr `<name>` |
IPv4 source address and address group names.<br>Address name. |
string |
Maximum length: 79 |
||||||
dstaddr `<name>` |
IPv4 destination address and address group names.<br>Address name. |
string |
Maximum length: 79 |
||||||
srcaddr6 `<name>` |
IPv6 source address and address group names.<br>Address name. |
string |
Maximum length: 79 |
||||||
dstaddr6 `<name>` |
IPv6 destination address and address group names.<br>Address name. |
string |
Maximum length: 79 |
||||||
internet-service |
Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. |
option |
- |
||||||
|
|
||||||||
internet-service-name `<name>` |
Internet Service ID.<br>Internet Service name. |
string |
Maximum length: 79 |
||||||
internet-service-group `<name>` |
Internet Service group name.<br>Internet Service group name. |
string |
Maximum length: 79 |
||||||
internet-service-custom `<name>` |
Custom Internet Service name.<br>Custom Internet Service name. |
string |
Maximum length: 79 |
||||||
internet-service-custom-group `<name>` |
Custom Internet Service group name.<br>Custom Internet Service group name. |
string |
Maximum length: 79 |
||||||
internet-service-src |
Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. |
option |
- |
||||||
|
|
||||||||
internet-service-src-name `<name>` |
Internet Service source name.<br>Internet Service name. |
string |
Maximum length: 79 |
||||||
internet-service-src-group `<name>` |
Internet Service source group name.<br>Internet Service group name. |
string |
Maximum length: 79 |
||||||
internet-service-src-custom `<name>` |
Custom Internet Service source name.<br>Custom Internet Service name. |
string |
Maximum length: 79 |
||||||
internet-service-src-custom-group `<name>` |
Custom Internet Service source group name.<br>Custom Internet Service group name. |
string |
Maximum length: 79 |
||||||
service `<name>` |
Service and service group names.<br>Service name. |
string |
Maximum length: 79 |
||||||
schedule |
Schedule name. |
string |
Maximum length: 35 |
||||||
users `<name>` |
Apply this traffic shaping policy to individual users that have authenticated with the FortiGate.<br>User name. |
string |
Maximum length: 79 |
||||||
groups `<name>` |
Apply this traffic shaping policy to user groups that have authenticated with the FortiGate.<br>Group name. |
string |
Maximum length: 79 |
||||||
application `<id>` |
IDs of one or more applications that this shaper applies application control traffic shaping to.<br>Application IDs. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
||||||
app-category `<id>` |
IDs of one or more application categories that this shaper applies application control traffic shaping to.<br>Category IDs. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
||||||
app-group `<name>` |
One or more application group names.<br>Application group name. |
string |
Maximum length: 79 |
||||||
url-category `<id>` |
IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to.<br>URL category ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
||||||
srcintf `<name>` |
One or more incoming (ingress) interfaces.<br>Interface name. |
string |
Maximum length: 79 |
||||||
dstintf `<name>` |
One or more outgoing (egress) interfaces.<br>Interface name. |
string |
Maximum length: 79 |
||||||
tos |
ToS (Type of Service) value used for comparison. |
user |
Not Specified |
||||||
tos-mask |
Non-zero bit positions are used for comparison while zero bit positions are ignored. |
user |
Not Specified |
||||||
tos-negate |
Enable negated TOS match. |
option |
- |
||||||
|
|
||||||||
traffic-shaper |
Traffic shaper to apply to traffic forwarded by the firewall policy. |
string |
Maximum length: 35 |
||||||
traffic-shaper-reverse |
Traffic shaper to apply to response traffic received by the firewall policy. |
string |
Maximum length: 35 |
||||||
per-ip-shaper |
Per-IP traffic shaper to apply with this policy. |
string |
Maximum length: 35 |
||||||
class-id |
Traffic class ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
||||||
diffserv-forward |
Enable to change packet's DiffServ values to the specified diffservcode-forward value. |
option |
- |
||||||
|
|
||||||||
diffserv-reverse |
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. |
option |
- |
||||||
|
|
||||||||
diffservcode-forward |
Change packet's DiffServ to this value. |
user |
Not Specified |
||||||
diffservcode-rev |
Change packet's reverse (reply) DiffServ to this value. |
user |
Not Specified |