Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiProxy 7.4.9 Administration Guide
    7.4.9
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.9
    7.4.8
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.0
    7.0.19
    7.0.17
    7.0.0
    2.0.0
    1.2.0
    1.1.0
    1.0.0

    Response shaping policies NEW

    Response shaping policies NEW

    A response shaping policy is a specialized type of traffic shaping policy that works on the top of a traffic shaping policy to further match the traffic based on certain HTTP response header fields. When Http Response Match is enabled in a traffic shaping policy, any traffic that matches the traffic shaping policy is further evaluated against the list of response shaping policies. If a match is found, the traffic will be mapped to the traffic shaper or assigned to the class defined in the response shaping policy instead of the ones defined in the original matching traffic shaping policy.

    The response shaping policies must be placed in the correct order in the response shaping policy list page to obtain the desired results. Policies are matched from top-down, so the response shaping policies should be arranged in a sequence that places the more granular policies above general policies.

    To create or edit a response shaping policy:

    1. Go to Policy & Objects > Traffic Shaping and select the Response Shaping Policies tab.

      If the menu does not display the traffic shaping settings, go to System > Feature Visibility and enable Traffic Shaping.

    2. Select Create New to open the Create Response Shaping Policy window or select a policy and then click Edit to change a response shaping policy.

    3. Configure the following options:

      IP Version

      Select IPv4 or IPv6.

      Status

      Policies are enabled by default. To disable to policy, click Disabled.

      Name

      Specify the name of the response shaping policy.

      Comment

      Enter any additional information that might be needed by administrators, as a reminder of the policyʼs purpose and scope. This setting is optional.

      Source

      Select or create the source address, address group, user, or user group that the traffic must match. You can select multiple sources in multiple categories.

      Destination

      Select or create the destination proxy address(es) that the traffic must match. The destination proxy address(es) must be the Response Header type. See Proxy address for more details.

      Schedule

      Select a schedule (one-time, recurring, or group) from the drop-down list for the response shaping policy, which allows different traffic shaping for different days or different hours of the day without administrative intervention. Select Create to create a schedule. The default is always, which means the shaping policy is always applied. For more information, see Schedules.

      Class ID

      The class ID of a traffic shaper for outgoing packets.

      Reverse Class ID

      The class ID of a traffic shaper for incoming packets.

      Shared shaper

      Enable or disable Shared traffic shaper.

      Reverse shaper

      Enable or disable reverse traffic shapers.

      Per-IP shaper

      Enable or disable Per-IP traffic shaper.
    4. Click OK.

    Alternatively, use the config firewall response-shaping-policy command.

    See Traffic shaping based on HTTP response NEW for an end-to-end configuration example.

    Previous
    Next

    Response shaping policies NEW

    Response shaping policies NEW

    A response shaping policy is a specialized type of traffic shaping policy that works on the top of a traffic shaping policy to further match the traffic based on certain HTTP response header fields. When Http Response Match is enabled in a traffic shaping policy, any traffic that matches the traffic shaping policy is further evaluated against the list of response shaping policies. If a match is found, the traffic will be mapped to the traffic shaper or assigned to the class defined in the response shaping policy instead of the ones defined in the original matching traffic shaping policy.

    The response shaping policies must be placed in the correct order in the response shaping policy list page to obtain the desired results. Policies are matched from top-down, so the response shaping policies should be arranged in a sequence that places the more granular policies above general policies.

    To create or edit a response shaping policy:

    1. Go to Policy & Objects > Traffic Shaping and select the Response Shaping Policies tab.

      If the menu does not display the traffic shaping settings, go to System > Feature Visibility and enable Traffic Shaping.

    2. Select Create New to open the Create Response Shaping Policy window or select a policy and then click Edit to change a response shaping policy.

    3. Configure the following options:

      IP Version

      Select IPv4 or IPv6.

      Status

      Policies are enabled by default. To disable to policy, click Disabled.

      Name

      Specify the name of the response shaping policy.

      Comment

      Enter any additional information that might be needed by administrators, as a reminder of the policyʼs purpose and scope. This setting is optional.

      Source

      Select or create the source address, address group, user, or user group that the traffic must match. You can select multiple sources in multiple categories.

      Destination

      Select or create the destination proxy address(es) that the traffic must match. The destination proxy address(es) must be the Response Header type. See Proxy address for more details.

      Schedule

      Select a schedule (one-time, recurring, or group) from the drop-down list for the response shaping policy, which allows different traffic shaping for different days or different hours of the day without administrative intervention. Select Create to create a schedule. The default is always, which means the shaping policy is always applied. For more information, see Schedules.

      Class ID

      The class ID of a traffic shaper for outgoing packets.

      Reverse Class ID

      The class ID of a traffic shaper for incoming packets.

      Shared shaper

      Enable or disable Shared traffic shaper.

      Reverse shaper

      Enable or disable reverse traffic shapers.

      Per-IP shaper

      Enable or disable Per-IP traffic shaper.
    4. Click OK.

    Alternatively, use the config firewall response-shaping-policy command.

    See Traffic shaping based on HTTP response NEW for an end-to-end configuration example.

    Previous
    Next