Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.4.2 Administration Guide
    7.4.2
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    Create a new traffic shaping policy

    Create a new traffic shaping policy

    The section describes how to create new traffic shaping policies.

    See Traffic shaping in the FortiOS Administration Guide for more information.

    Note

    You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.
    To create a new Traffic Shaping policy:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Policy & Objects > Policy Packages.
    3. In the tree menu for the policy package in which you will be creating the new policy, select Traffic Shaping Policy. If you are in the Global Database ADOM, select Traffic Shaping Header Policy or Traffic Shaping Footer Policy.
    4. Click Create New.
    5. Enter the following information:

      Option

      Description

      IP Version

      Select the IP address version: IPv4 or IPv6.

      Name

      Enter a unique name for the policy. Each policy must have a unique name.

      Status

      Enable or Disable this policy.

      Comments

      		Add a description of the policy, such as its purpose, or the changes that have been made to it.

      If Traffic Matches:

      Source Internet Service

      Enable or disable source internet service, then select services.

      This option is only available when the IP Version is IPv4.

      Source Address

      Select source addresses, address groups, virtual IPs, and virtual IP groups.

      This option is only available when Source Internet Service is off.

      Source User

      Select source users.

      This option is only available when Source Internet Service is off.

      Source User Group

      Select source user groups.

      This option is only available when Source Internet Service is off.

      Destination Internet Service

      Turn destination internet service on or off, then select services.

      Destination Address

      Select destination addresses, address groups, virtual IPs, and virtual IP groups.

      This option is only available when Destination Internet Service is off.

      Schedule

      Select a one-time schedule, recurring schedule, or schedule group.

      Service

      Select services and service groups.

      This option is only available when Destination Internet Service is off.

      Application

      Select applications.

      Application Category

      Select application categories.

      Application Group

      Select application groups.

      URL Category

      Select URL categories.

      Type of Service

      Specify the type of service (ToS) hexidecimal value.

      Type of Service Mask

      Specify the hexidecimal mask to be matched against the ToS.

      Then:

      Action

      Select the action to take if traffic matches: Apply Shaper or Assign Group.

      Outgoing Interface

      Select outgoing interfaces.

      Shared Shaper

      Select a shared traffic shaper. This option is only available when Action is set to Apply Shaper.

      Reverse Shaper

      Select a reverse traffic shaper. This option is only available when Action is set to Apply Shaper.

      Per-IP Shaper

      Select s per-IP traffic shaper. This option is only available when Action is set to Apply Shaper.

      Traffic Shaping Class ID

      Select the shaping class to which this traffic should be assigned. This option is only available when Action is set to Assign Group.

      Differentiated Services

      Enable or disable application of a differentiated services tag to a packet's DiffServ value, then enter the tag.

      Differentiated Services Reverse

      Enable or disable application of a differentiated services tag to a packet's reverse DiffServ value, then enter the tag.

      Advanced Options

      Configure advanced options, see Advanced options below.

      For more information on advanced option, see the FortiOS CLI Reference.

      Change Note

      		Add a description of the changes being made to the policy. This field is required.
    6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
    Advanced options

    Option

    Description

    Default

    srcintf

    Select one or more incoming interfaces.

    none

    tos-negate

    Enable or disable negation of the ToS value.

    disable

    uuid

    Enter the universally unique identifier (UUID). This value is automatically assigned but can be manually reset.

    00000000-0000- 0000-0000- 000000000000
    Previous
    Next

    Create a new traffic shaping policy

    Create a new traffic shaping policy

    The section describes how to create new traffic shaping policies.

    See Traffic shaping in the FortiOS Administration Guide for more information.

    Note

    You must enable the visibility of this feature in Policy & Objects before it can be configured. To toggle feature visibility, go to Policy & Objects > Tools > Feature Visibility, and add or remove a checkmark for the corresponding feature.
    To create a new Traffic Shaping policy:
    1. If using ADOMs, ensure that you are in the correct ADOM.
    2. Go to Policy & Objects > Policy Packages.
    3. In the tree menu for the policy package in which you will be creating the new policy, select Traffic Shaping Policy. If you are in the Global Database ADOM, select Traffic Shaping Header Policy or Traffic Shaping Footer Policy.
    4. Click Create New.
    5. Enter the following information:

      Option

      Description

      IP Version

      Select the IP address version: IPv4 or IPv6.

      Name

      Enter a unique name for the policy. Each policy must have a unique name.

      Status

      Enable or Disable this policy.

      Comments

      		Add a description of the policy, such as its purpose, or the changes that have been made to it.

      If Traffic Matches:

      Source Internet Service

      Enable or disable source internet service, then select services.

      This option is only available when the IP Version is IPv4.

      Source Address

      Select source addresses, address groups, virtual IPs, and virtual IP groups.

      This option is only available when Source Internet Service is off.

      Source User

      Select source users.

      This option is only available when Source Internet Service is off.

      Source User Group

      Select source user groups.

      This option is only available when Source Internet Service is off.

      Destination Internet Service

      Turn destination internet service on or off, then select services.

      Destination Address

      Select destination addresses, address groups, virtual IPs, and virtual IP groups.

      This option is only available when Destination Internet Service is off.

      Schedule

      Select a one-time schedule, recurring schedule, or schedule group.

      Service

      Select services and service groups.

      This option is only available when Destination Internet Service is off.

      Application

      Select applications.

      Application Category

      Select application categories.

      Application Group

      Select application groups.

      URL Category

      Select URL categories.

      Type of Service

      Specify the type of service (ToS) hexidecimal value.

      Type of Service Mask

      Specify the hexidecimal mask to be matched against the ToS.

      Then:

      Action

      Select the action to take if traffic matches: Apply Shaper or Assign Group.

      Outgoing Interface

      Select outgoing interfaces.

      Shared Shaper

      Select a shared traffic shaper. This option is only available when Action is set to Apply Shaper.

      Reverse Shaper

      Select a reverse traffic shaper. This option is only available when Action is set to Apply Shaper.

      Per-IP Shaper

      Select s per-IP traffic shaper. This option is only available when Action is set to Apply Shaper.

      Traffic Shaping Class ID

      Select the shaping class to which this traffic should be assigned. This option is only available when Action is set to Assign Group.

      Differentiated Services

      Enable or disable application of a differentiated services tag to a packet's DiffServ value, then enter the tag.

      Differentiated Services Reverse

      Enable or disable application of a differentiated services tag to a packet's reverse DiffServ value, then enter the tag.

      Advanced Options

      Configure advanced options, see Advanced options below.

      For more information on advanced option, see the FortiOS CLI Reference.

      Change Note

      		Add a description of the changes being made to the policy. This field is required.
    6. Click OK to create the policy. You can select to enable or disable the policy in the right-click menu. When disabled, a disabled icon will be displayed in the Seq.# column to the left of the number. By default, policies will be added to the bottom of the list, but above the implicit policy.
    Advanced options

    Option

    Description

    Default

    srcintf

    Select one or more incoming interfaces.

    none

    tos-negate

    Enable or disable negation of the ToS value.

    disable

    uuid

    Enter the universally unique identifier (UUID). This value is automatically assigned but can be manually reset.

    00000000-0000- 0000-0000- 000000000000
    Previous
    Next