Fortinet black logo

Administration Guide

Application groups in traffic shaping policies

Application groups in traffic shaping policies

Application groups can be configured in traffic shaping policies. In this example, there are two traffic shaping policies:

  • Policy 1 is for traffic related to cloud applications and has high priority.
  • Policy 2 is for other traffic and has low priority.
Note

At least one firewall policy must have application control enabled for the applications to match any policy traffic.

To configure a traffic shaping policy to use an application group in the GUI:
  1. Configure an application group for cloud applications:

    1. Go to Security Profiles > Application Signatures.

    2. Click Create New > Application Group. The New Application Group page opens.

    3. Enter a name for the group, and for Type, select Application.

    4. Click the + to add the group the members.

    5. Click OK.

  2. Create the shaping policy for the high priority cloud application traffic:

    1. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Policies tab, and click Create New.

    2. Enter the following:

      Name

      For Cloud Traffic

      Source

      All

      Destination

      All

      Service

      All

      Application

      Add the Cloud.IT category and the cloud app group application group.

      Outgoing interface

      port1

      Shared shaper

      high-priority

      Reverse shaper

      high-priority

    3. Click OK.

  3. Create the shaping policy for the low priority other traffic:

    1. Click Create New and enter the following:

      Name

      For Other Traffic

      Source

      All

      Destination

      All

      Service

      All

      Outgoing interface

      port1

      Shared shaper

      low-priority

      Reverse shaper

      low-priority

    2. Click OK.

To configure a traffic shaping policy to use an application group in the CLI:
  1. Configure an application group for cloud applications:

    config application group
        edit "cloud app group"
            set application 27210 36740 35944 43296 33048
        next
    end
    
  2. Create the shaping policies for the high priority cloud application traffic and low priority other traffic:

    config firewall shaping-policy
        edit 1
            set name "For Cloud Traffic"
            set service "ALL"
            set app-category 30
            set app-group "cloud app group"
            set dstintf "port1"
            set traffic-shaper "high-priority"
            set traffic-shaper-reverse "high-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
        edit 2
            set name "For Other Traffic"
            set service "ALL"
            set dstintf "port1"
            set traffic-shaper "low-priority"
            set traffic-shaper-reverse "low-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
    end

Related Videos

sidebar video

Application Group in Traffic Shaping Policy

  • 1,962 views
  • 4 years ago

Application groups in traffic shaping policies

Application groups can be configured in traffic shaping policies. In this example, there are two traffic shaping policies:

  • Policy 1 is for traffic related to cloud applications and has high priority.
  • Policy 2 is for other traffic and has low priority.
Note

At least one firewall policy must have application control enabled for the applications to match any policy traffic.

To configure a traffic shaping policy to use an application group in the GUI:
  1. Configure an application group for cloud applications:

    1. Go to Security Profiles > Application Signatures.

    2. Click Create New > Application Group. The New Application Group page opens.

    3. Enter a name for the group, and for Type, select Application.

    4. Click the + to add the group the members.

    5. Click OK.

  2. Create the shaping policy for the high priority cloud application traffic:

    1. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Policies tab, and click Create New.

    2. Enter the following:

      Name

      For Cloud Traffic

      Source

      All

      Destination

      All

      Service

      All

      Application

      Add the Cloud.IT category and the cloud app group application group.

      Outgoing interface

      port1

      Shared shaper

      high-priority

      Reverse shaper

      high-priority

    3. Click OK.

  3. Create the shaping policy for the low priority other traffic:

    1. Click Create New and enter the following:

      Name

      For Other Traffic

      Source

      All

      Destination

      All

      Service

      All

      Outgoing interface

      port1

      Shared shaper

      low-priority

      Reverse shaper

      low-priority

    2. Click OK.

To configure a traffic shaping policy to use an application group in the CLI:
  1. Configure an application group for cloud applications:

    config application group
        edit "cloud app group"
            set application 27210 36740 35944 43296 33048
        next
    end
    
  2. Create the shaping policies for the high priority cloud application traffic and low priority other traffic:

    config firewall shaping-policy
        edit 1
            set name "For Cloud Traffic"
            set service "ALL"
            set app-category 30
            set app-group "cloud app group"
            set dstintf "port1"
            set traffic-shaper "high-priority"
            set traffic-shaper-reverse "high-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
        edit 2
            set name "For Other Traffic"
            set service "ALL"
            set dstintf "port1"
            set traffic-shaper "low-priority"
            set traffic-shaper-reverse "low-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
    end