CLI Reference

config firewall shaping-policy

Configure shaping policies.

config firewall shaping-policy
    Description: Configure shaping policies.
    edit <id>
        set app-category <id1>, <id2>, ...
        set app-group <name1>, <name2>, ...
        set application <id1>, <id2>, ...
        set class-id {integer}
        set comment {var-string}
        set diffserv-forward [enable|disable]
        set diffserv-reverse [enable|disable]
        set diffservcode-forward {user}
        set diffservcode-rev {user}
        set dstaddr <name1>, <name2>, ...
        set dstaddr6 <name1>, <name2>, ...
        set dstintf <name1>, <name2>, ...
        set groups <name1>, <name2>, ...
        set internet-service [enable|disable]
        set internet-service-custom <name1>, <name2>, ...
        set internet-service-custom-group <name1>, <name2>, ...
        set internet-service-group <name1>, <name2>, ...
        set internet-service-name <name1>, <name2>, ...
        set internet-service-src [enable|disable]
        set internet-service-src-custom <name1>, <name2>, ...
        set internet-service-src-custom-group <name1>, <name2>, ...
        set internet-service-src-group <name1>, <name2>, ...
        set internet-service-src-name <name1>, <name2>, ...
        set ip-version [4|6]
        set name {string}
        set per-ip-shaper {string}
        set schedule {string}
        set service <name1>, <name2>, ...
        set srcaddr <name1>, <name2>, ...
        set srcaddr6 <name1>, <name2>, ...
        set srcintf <name1>, <name2>, ...
        set status [enable|disable]
        set tos {user}
        set tos-mask {user}
        set tos-negate [enable|disable]
        set traffic-shaper {string}
        set traffic-shaper-reverse {string}
        set url-category <id1>, <id2>, ...
        set users <name1>, <name2>, ...
    next
end

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| app-category <id> | IDs of one or more application categories that this shaper applies application control traffic shaping to. Category IDs. | integer | Minimum value: 0 Maximum value: 4294967295 | |
| app-group <name> | One or more application group names. Application group name. | string | Maximum length: 79 | |
| application <id> | IDs of one or more applications that this shaper applies application control traffic shaping to. Application IDs. | integer | Minimum value: 0 Maximum value: 4294967295 | |
| class-id | Traffic class ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| comment | Comments. | var-string | Maximum length: 255 | |
| diffserv-forward | Enable to change packet's DiffServ values to the specified diffservcode-forward value. Options: enable = Enable setting forward (original) traffic DiffServ; disable = Disable setting forward (original) traffic DiffServ. | option | - | disable |
| diffserv-reverse | Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. Options: enable = Enable setting reverse (reply) traffic DiffServ; disable = Disable setting reverse (reply) traffic DiffServ. | option | - | disable |
| diffservcode-forward | Change packet's DiffServ to this value. | user | Not Specified | |
| diffservcode-rev | Change packet's reverse (reply) DiffServ to this value. | user | Not Specified | |
| dstaddr <name> | IPv4 destination address and address group names. Address name. | string | Maximum length: 79 | |
| dstaddr6 <name> | IPv6 destination address and address group names. Address name. | string | Maximum length: 79 | |
| dstintf <name> | One or more outgoing (egress) interfaces. Interface name. | string | Maximum length: 79 | |
| groups <name> | Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. Group name. | string | Maximum length: 79 | |
| id | Shaping policy ID. | integer | Minimum value: 0 Maximum value: 4294967295 | 0 |
| internet-service | Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. Options: enable = Enable use of Internet Service in shaping-policy; disable = Disable use of Internet Service in shaping-policy. | option | - | disable |
| internet-service-custom <name> | Custom Internet Service name. | string | Maximum length: 79 | |
| internet-service-custom-group <name> | Custom Internet Service group name. | string | Maximum length: 79 | |
| internet-service-group <name> | Internet Service group name. | string | Maximum length: 79 | |
| internet-service-name <name> | Internet Service ID. Internet Service name. | string | Maximum length: 79 | |
| internet-service-src | Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. Options: enable = Enable use of Internet Service source in shaping-policy; disable = Disable use of Internet Service source in shaping-policy. | option | - | disable |
| internet-service-src-custom <name> | Custom Internet Service source name. Custom Internet Service name. | string | Maximum length: 79 | |
| internet-service-src-custom-group <name> | Custom Internet Service source group name. Custom Internet Service group name. | string | Maximum length: 79 | |
| internet-service-src-group <name> | Internet Service source group name. Internet Service group name. | string | Maximum length: 79 | |
| internet-service-src-name <name> | Internet Service source name. Internet Service name. | string | Maximum length: 79 | |
| ip-version | Apply this traffic shaping policy to IPv4 or IPv6 traffic. Options: 4 = Use IPv4 addressing for Configuration Method; 6 = Use IPv6 addressing for Configuration Method. | option | - | 4 |
| name | Shaping policy name. | string | Maximum length: 35 | |
| per-ip-shaper | Per-IP traffic shaper to apply with this policy. | string | Maximum length: 35 | |
| schedule | Schedule name. | string | Maximum length: 35 | |
| service <name> | Service and service group names. Service name. | string | Maximum length: 79 | |
| srcaddr <name> | IPv4 source address and address group names. Address name. | string | Maximum length: 79 | |
| srcaddr6 <name> | IPv6 source address and address group names. Address name. | string | Maximum length: 79 | |
| srcintf <name> | One or more incoming (ingress) interfaces. Interface name. | string | Maximum length: 79 | |
| status | Enable/disable this traffic shaping policy. Options: enable = Enable traffic shaping policy; disable = Disable traffic shaping policy. | option | - | enable |
| tos | ToS (Type of Service) value used for comparison. | user | Not Specified | |
| tos-mask | Non-zero bit positions are used for comparison while zero bit positions are ignored. | user | Not Specified | |
| tos-negate | Enable negated TOS match. Options: enable = Enable TOS match negate; disable = Disable TOS match negate. | option | - | disable |
| traffic-shaper | Traffic shaper to apply to traffic forwarded by the firewall policy. | string | Maximum length: 35 | |
| traffic-shaper-reverse | Traffic shaper to apply to response traffic received by the firewall policy. | string | Maximum length: 35 | |
| url-category <id> | IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. URL category ID. | integer | Minimum value: 0 Maximum value: 4294967295 | |
| users <name> | Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. User name. | string | Maximum length: 79 | |
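
The following is an added example, not Fortinet code: a Python review aid that parses `config firewall shaping-policy` text and flags match fields this reference says are not used once `internet-service` or `internet-service-src` is enabled, strings over the documented maximum lengths, and disabled policies. The function names, the sample configuration and its object names are constructed for illustration.

```python
import shlex

# Limits and "not used" rules transcribed from this reference.
MAX_LEN = {"name": 35, "per-ip-shaper": 35, "schedule": 35, "comment": 255,
           "traffic-shaper": 35, "traffic-shaper-reverse": 35}
IGNORED_WHEN = {"internet-service": ("dstaddr", "dstaddr6", "service"),
                "internet-service-src": ("srcaddr", "srcaddr6")}

def parse_policies(text):
    """Return {policy_id: {option: [values]}} from edit/set/next blocks."""
    policies, current = {}, None
    for line in text.splitlines():
        tokens = shlex.split(line)  # handles quoted object names
        if len(tokens) >= 2 and tokens[0] == "edit":
            current = policies.setdefault(tokens[1], {})
        elif len(tokens) >= 2 and tokens[0] == "set" and current is not None:
            current[tokens[1]] = tokens[2:]
        elif tokens[:1] == ["next"]:
            current = None
    return policies

def lint(policies):
    """Return sorted (policy_id, message) findings for a reviewer."""
    findings = []
    for pid, opts in policies.items():
        for toggle, fields in IGNORED_WHEN.items():
            if opts.get(toggle) == ["enable"]:
                findings += [(pid, f"{f} set but not used: {toggle} is enabled")
                             for f in fields if f in opts]
        for field, limit in MAX_LEN.items():
            if len(" ".join(opts.get(field, []))) > limit:
                findings.append((pid, f"{field} longer than {limit} characters"))
        if opts.get("status") == ["disable"]:
            findings.append((pid, "policy is disabled"))
    return sorted(findings)

# Constructed sample; the policy contents and object names are hypothetical.
SAMPLE = """
config firewall shaping-policy
    edit 1
        set internet-service enable
        set dstaddr "all"
        set service "ALL"
    next
    edit 2
        set status disable
    next
end
"""
print(lint(parse_policies(SAMPLE)))
```
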
