Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.4.1 Administration Guide
    7.4.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Application groups in traffic shaping policies

    Application groups in traffic shaping policies

    Application groups can be configured in traffic shaping policies. In this example, there are two traffic shaping policies:

    • Policy 1 is for traffic related to cloud applications and has high priority.
    • Policy 2 is for other traffic and has low priority.
    Note

    At least one firewall policy must have application control enabled for the applications to match any policy traffic.
    To configure a traffic shaping policy to use an application group in the GUI:

    1. Configure an application group for cloud applications:

      1. Go to Security Profiles > Application Signatures.

      2. Click Create New > Application Group. The New Application Group page opens.

      3. Enter a name for the group, and for Type, select Application.

      4. Click the + to add the group the members.

      5. Click OK.

    2. Create the shaping policy for the high priority cloud application traffic:

      1. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Policies tab, and click Create New.

      2. Enter the following:

        Name

        For Cloud Traffic

        Source

        All

        Destination

        All

        Service

        All

        Application

        Add the Cloud.IT category and the cloud app group application group.

        Outgoing interface

        port1

        Shared shaper

        high-priority

        Reverse shaper

        high-priority

      3. Click OK.

    3. Create the shaping policy for the low priority other traffic:

      1. Click Create New and enter the following:

        Name

        For Other Traffic

        Source

        All

        Destination

        All

        Service

        All

        Outgoing interface

        port1

        Shared shaper

        low-priority

        Reverse shaper

        low-priority

      2. Click OK.

    To configure a traffic shaping policy to use an application group in the CLI:

    1. Configure an application group for cloud applications:

      config application group
    edit "cloud app group"
        set application 27210 36740 35944 43296 33048
    next
end

    2. Create the shaping policies for the high priority cloud application traffic and low priority other traffic:

      config firewall shaping-policy
    edit 1
        set name "For Cloud Traffic"
        set service "ALL"
        set app-category 30
        set app-group "cloud app group"
        set dstintf "port1"
        set traffic-shaper "high-priority"
        set traffic-shaper-reverse "high-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
    edit 2
        set name "For Other Traffic"
        set service "ALL"
        set dstintf "port1"
        set traffic-shaper "low-priority"
        set traffic-shaper-reverse "low-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
end
    Previous
    Next

    Related Videos

    sidebar video

    Application Group in Traffic Shaping Policy

    • 2,043 views
    • 5 years ago

    Application groups in traffic shaping policies

    Application groups in traffic shaping policies

    Application groups can be configured in traffic shaping policies. In this example, there are two traffic shaping policies:

    • Policy 1 is for traffic related to cloud applications and has high priority.
    • Policy 2 is for other traffic and has low priority.
    Note

    At least one firewall policy must have application control enabled for the applications to match any policy traffic.
    To configure a traffic shaping policy to use an application group in the GUI:

    1. Configure an application group for cloud applications:

      1. Go to Security Profiles > Application Signatures.

      2. Click Create New > Application Group. The New Application Group page opens.

      3. Enter a name for the group, and for Type, select Application.

      4. Click the + to add the group the members.

      5. Click OK.

    2. Create the shaping policy for the high priority cloud application traffic:

      1. Go to Policy & Objects > Traffic Shaping, select the Traffic Shaping Policies tab, and click Create New.

      2. Enter the following:

        Name

        For Cloud Traffic

        Source

        All

        Destination

        All

        Service

        All

        Application

        Add the Cloud.IT category and the cloud app group application group.

        Outgoing interface

        port1

        Shared shaper

        high-priority

        Reverse shaper

        high-priority

      3. Click OK.

    3. Create the shaping policy for the low priority other traffic:

      1. Click Create New and enter the following:

        Name

        For Other Traffic

        Source

        All

        Destination

        All

        Service

        All

        Outgoing interface

        port1

        Shared shaper

        low-priority

        Reverse shaper

        low-priority

      2. Click OK.

    To configure a traffic shaping policy to use an application group in the CLI:

    1. Configure an application group for cloud applications:

      config application group
    edit "cloud app group"
        set application 27210 36740 35944 43296 33048
    next
end

    2. Create the shaping policies for the high priority cloud application traffic and low priority other traffic:

      config firewall shaping-policy
    edit 1
        set name "For Cloud Traffic"
        set service "ALL"
        set app-category 30
        set app-group "cloud app group"
        set dstintf "port1"
        set traffic-shaper "high-priority"
        set traffic-shaper-reverse "high-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
    edit 2
        set name "For Other Traffic"
        set service "ALL"
        set dstintf "port1"
        set traffic-shaper "low-priority"
        set traffic-shaper-reverse "low-priority"
        set srcaddr "all"
        set dstaddr "all"
    next
end
    Previous
    Next