config firewall shaping-policy
Configure shaping policies.
config firewall shaping-policy
Description: Configure shaping policies.
edit <id>
set name {string}
set comment {var-string}
set status [enable|disable]
set ip-version [4|6]
set srcaddr <name1>, <name2>, ...
set dstaddr <name1>, <name2>, ...
set srcaddr6 <name1>, <name2>, ...
set dstaddr6 <name1>, <name2>, ...
set internet-service [enable|disable]
set internet-service-id <id1>, <id2>, ...
set internet-service-group <name1>, <name2>, ...
set internet-service-custom <name1>, <name2>, ...
set internet-service-custom-group <name1>, <name2>, ...
set internet-service-src [enable|disable]
set internet-service-src-id <id1>, <id2>, ...
set internet-service-src-group <name1>, <name2>, ...
set internet-service-src-custom <name1>, <name2>, ...
set internet-service-src-custom-group <name1>, <name2>, ...
set service <name1>, <name2>, ...
set schedule {string}
set users <name1>, <name2>, ...
set groups <name1>, <name2>, ...
set application <id1>, <id2>, ...
set app-category <id1>, <id2>, ...
set app-group <name1>, <name2>, ...
set url-category <id1>, <id2>, ...
set srcintf <name1>, <name2>, ...
set dstintf <name1>, <name2>, ...
set tos {user}
set tos-mask {user}
set tos-negate [enable|disable]
set traffic-shaper {string}
set traffic-shaper-reverse {string}
set per-ip-shaper {string}
set class-id {integer}
set diffserv-forward [enable|disable]
set diffserv-reverse [enable|disable]
set diffservcode-forward {user}
set diffservcode-rev {user}
next
end
config firewall shaping-policy
Parameter |
Description |
Type |
Size |
|||||||
---|---|---|---|---|---|---|---|---|---|---|
name |
Shaping policy name. |
string |
Not Specified |
|||||||
comment |
Comments. |
var-string |
Not Specified |
|||||||
status |
Enable/disable this traffic shaping policy. |
option |
- |
|||||||
|
|
|||||||||
ip-version |
Apply this traffic shaping policy to IPv4 or IPv6 traffic. |
option |
- |
|||||||
|
|
|||||||||
srcaddr |
IPv4 source address and address group names. Address name. |
string |
Maximum length: 79 |
|||||||
dstaddr |
IPv4 destination address and address group names. Address name. |
string |
Maximum length: 79 |
|||||||
srcaddr6 |
IPv6 source address and address group names. Address name. |
string |
Maximum length: 79 |
|||||||
dstaddr6 |
IPv6 destination address and address group names. Address name. |
string |
Maximum length: 79 |
|||||||
internet-service |
Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. |
option |
- |
|||||||
|
|
|||||||||
internet-service-id |
Internet Service ID. Internet Service ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||
internet-service-group |
Internet Service group name. Internet Service group name. |
string |
Maximum length: 79 |
|||||||
internet-service-custom |
Custom Internet Service name. Custom Internet Service name. |
string |
Maximum length: 79 |
|||||||
internet-service-custom-group |
Custom Internet Service group name. Custom Internet Service group name. |
string |
Maximum length: 79 |
|||||||
internet-service-src |
Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. |
option |
- |
|||||||
|
|
|||||||||
internet-service-src-id |
Internet Service source ID. Internet Service ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||
internet-service-src-group |
Internet Service source group name. Internet Service group name. |
string |
Maximum length: 79 |
|||||||
internet-service-src-custom |
Custom Internet Service source name. Custom Internet Service name. |
string |
Maximum length: 79 |
|||||||
internet-service-src-custom-group |
Custom Internet Service source group name. Custom Internet Service group name. |
string |
Maximum length: 79 |
|||||||
service |
Service and service group names. Service name. |
string |
Maximum length: 79 |
|||||||
schedule |
Schedule name. |
string |
Not Specified |
|||||||
users |
Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. User name. |
string |
Maximum length: 79 |
|||||||
groups |
Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. Group name. |
string |
Maximum length: 79 |
|||||||
application |
IDs of one or more applications that this shaper applies application control traffic shaping to. Application IDs. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||
app-category |
IDs of one or more application categories that this shaper applies application control traffic shaping to. Category IDs. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||
app-group |
One or more application group names. Application group name. |
string |
Maximum length: 79 |
|||||||
url-category |
IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. URL category ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||
srcintf |
One or more incoming (ingress) interfaces. Interface name. |
string |
Maximum length: 79 |
|||||||
dstintf |
One or more outgoing (egress) interfaces. Interface name. |
string |
Maximum length: 79 |
|||||||
tos |
ToS (Type of Service) value used for comparison. |
user |
Not Specified |
|||||||
tos-mask |
Non-zero bit positions are used for comparison while zero bit positions are ignored. |
user |
Not Specified |
|||||||
tos-negate |
Enable negated TOS match. |
option |
- |
|||||||
|
|
|||||||||
traffic-shaper |
Traffic shaper to apply to traffic forwarded by the firewall policy. |
string |
Not Specified |
|||||||
traffic-shaper-reverse |
Traffic shaper to apply to response traffic received by the firewall policy. |
string |
Not Specified |
|||||||
per-ip-shaper |
Per-IP traffic shaper to apply with this policy. |
string |
Not Specified |
|||||||
class-id |
Traffic class ID. |
integer |
Minimum value: 0 Maximum value: 4294967295 |
|||||||
diffserv-forward |
Enable to change packet's DiffServ values to the specified diffservcode-forward value. |
option |
- |
|||||||
|
|
|||||||||
diffserv-reverse |
Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. |
option |
- |
|||||||
|
|
|||||||||
diffservcode-forward |
Change packet's DiffServ to this value. |
user |
Not Specified |
|||||||
diffservcode-rev |
Change packet's reverse (reply) DiffServ to this value. |
user |
Not Specified |