Fortinet black logo

Administration Guide

Create a new traffic shaping policy

Create a new traffic shaping policy

The section describes how to create new traffic shaping policies.

See Traffic shaping in the FortiOS Administration Guide for more information.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To create a new Traffic Shaping policy:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package in which you will be creating the new policy, select Traffic Shaping Policy. If you are in the Global Database ADOM, select Traffic Shaping Header Policy or Traffic Shaping Footer Policy.
  4. Click Create New.
  5. Enter the following information:

    Option

    Description

    IP Version

    Select the IP address version: IPv4 or IPv6.

    Name

    Enter a unique name for the policy. Each policy must have a unique name.

    Status

    Enable or Disable this policy.

    Comments

    Add a description of the policy, such as its purpose, or the changes that have been made to it.

    If Traffic Matches:

    Source Internet Service

    Enable or disable source internet service, then select services.

    This option is only available when the IP Version is IPv4.

    Source Address

    Select source addresses, address groups, virtual IPs, and virtual IP groups.

    This option is only available when Source Internet Service is off.

    Source User

    Select source users.

    This option is only available when Source Internet Service is off.

    Source User Group

    Select source user groups.

    This option is only available when Source Internet Service is off.

    Destination Internet Service

    Turn destination internet service on or off, then select services.

    Destination Address

    Select destination addresses, address groups, virtual IPs, and virtual IP groups.

    This option is only available when Destination Internet Service is off.

    Schedule

    Select a one-time schedule, recurring schedule, or schedule group.

    Service

    Select services and service groups.

    This option is only available when Destination Internet Service is off.

    Application

    Select applications.

    Application Category

    Select application categories.

    Application Group

    Select application groups.

    URL Category

    Select URL categories.

    Type of Service

    Specify the type of service (ToS) hexidecimal value.

    Type of Service Mask

    Specify the hexidecimal mask to be matched against the ToS.

    Then:

    Action

    Select the action to take if traffic matches: Apply Shaper or Assign Group.

    Outgoing Interface

    Select outgoing interfaces.

    Shared Shaper

    Select a shared traffic shaper. This option is only available when Action is set to Apply Shaper.

    Reverse Shaper

    Select a reverse traffic shaper. This option is only available when Action is set to Apply Shaper.

    Per-IP Shaper

    Select s per-IP traffic shaper. This option is only available when Action is set to Apply Shaper.

    Traffic Shaping Class ID

    Select the shaping class to which this traffic should be assigned. This option is only available when Action is set to Assign Group.

    Differentiated Services

    Enable or disable application of a differentiated services tag to a packet's DiffServ value, then enter the tag.

    Differentiated Services Reverse

    Enable or disable application of a differentiated services tag to a packet's reverse DiffServ value, then enter the tag.

    Advanced Options

    Configure advanced options, see Advanced options below.

    For more information on advanced option, see the FortiOS CLI Reference.

    Change Note

    Add a description of the changes being made to the policy. This field is required.
  6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
Advanced options

Option

Description

Default

srcintf

Select one or more incoming interfaces.

none

tos-negate

Enable or disable negation of the ToS value.

disable

uuid

Enter the universally unique identifier (UUID). This value is automatically assigned but can be manually reset.

00000000-0000- 0000-0000- 000000000000

Create a new traffic shaping policy

The section describes how to create new traffic shaping policies.

See Traffic shaping in the FortiOS Administration Guide for more information.

Note

You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.

To create a new Traffic Shaping policy:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to Policy & Objects > Policy Packages.
  3. In the tree menu for the policy package in which you will be creating the new policy, select Traffic Shaping Policy. If you are in the Global Database ADOM, select Traffic Shaping Header Policy or Traffic Shaping Footer Policy.
  4. Click Create New.
  5. Enter the following information:

    Option

    Description

    IP Version

    Select the IP address version: IPv4 or IPv6.

    Name

    Enter a unique name for the policy. Each policy must have a unique name.

    Status

    Enable or Disable this policy.

    Comments

    Add a description of the policy, such as its purpose, or the changes that have been made to it.

    If Traffic Matches:

    Source Internet Service

    Enable or disable source internet service, then select services.

    This option is only available when the IP Version is IPv4.

    Source Address

    Select source addresses, address groups, virtual IPs, and virtual IP groups.

    This option is only available when Source Internet Service is off.

    Source User

    Select source users.

    This option is only available when Source Internet Service is off.

    Source User Group

    Select source user groups.

    This option is only available when Source Internet Service is off.

    Destination Internet Service

    Turn destination internet service on or off, then select services.

    Destination Address

    Select destination addresses, address groups, virtual IPs, and virtual IP groups.

    This option is only available when Destination Internet Service is off.

    Schedule

    Select a one-time schedule, recurring schedule, or schedule group.

    Service

    Select services and service groups.

    This option is only available when Destination Internet Service is off.

    Application

    Select applications.

    Application Category

    Select application categories.

    Application Group

    Select application groups.

    URL Category

    Select URL categories.

    Type of Service

    Specify the type of service (ToS) hexidecimal value.

    Type of Service Mask

    Specify the hexidecimal mask to be matched against the ToS.

    Then:

    Action

    Select the action to take if traffic matches: Apply Shaper or Assign Group.

    Outgoing Interface

    Select outgoing interfaces.

    Shared Shaper

    Select a shared traffic shaper. This option is only available when Action is set to Apply Shaper.

    Reverse Shaper

    Select a reverse traffic shaper. This option is only available when Action is set to Apply Shaper.

    Per-IP Shaper

    Select s per-IP traffic shaper. This option is only available when Action is set to Apply Shaper.

    Traffic Shaping Class ID

    Select the shaping class to which this traffic should be assigned. This option is only available when Action is set to Assign Group.

    Differentiated Services

    Enable or disable application of a differentiated services tag to a packet's DiffServ value, then enter the tag.

    Differentiated Services Reverse

    Enable or disable application of a differentiated services tag to a packet's reverse DiffServ value, then enter the tag.

    Advanced Options

    Configure advanced options, see Advanced options below.

    For more information on advanced option, see the FortiOS CLI Reference.

    Change Note

    Add a description of the changes being made to the policy. This field is required.
  6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
Advanced options

Option

Description

Default

srcintf

Select one or more incoming interfaces.

none

tos-negate

Enable or disable negation of the ToS value.

disable

uuid

Enter the universally unique identifier (UUID). This value is automatically assigned but can be manually reset.

00000000-0000- 0000-0000- 000000000000