Fortinet white logo
Fortinet white logo

Cookbook

Application groups in policies

Application groups in policies

This feature provides an application group command for firewall shaping policies.

The following CLI command is used:

config firewall shaping-policy

edit 1

set app-group <application group>...

......

next

end

Example

In this example, there are two traffic shaping policies:

  • Policy 1 is for traffic related to cloud applications that has high priority.
  • Policy 2 is for other traffic and has low priority.
To create the shaping policies using the GUI:
  1. Configure an application group for cloud applications:
    1. Go to Security Profiles > Application Signatures.
    2. Click Create New > Application Group. The New Application Group page opens.

    3. Enter a name for the group, select the type, and then add the group the members.
    4. Click OK.
  2. Create the shaping policy for the high priority cloud application traffic:
    1. Go to Policy & Objects > Traffic Shaping Policy.
    2. Click Create New. The New Shaping Policy page opens.

    3. Configure the shaping policy, selecting the previously created cloud application group, and setting both the Shared shaper and Reverse shaper to high‑priority.
    4. Click OK.
    Note

    At least one firewall policy must have application control enabled for the applications to match any policy traffic.

  3. Create the shaping policy for all other traffic, setting both the Shared shaper and Reverse shaper to low‑priority.

To create the shaping policies using the CLI:
  1. Configure an application group for cloud applications:
    config application group
        edit "cloud app group"
            set application 27210 36740 35944 24467 33048
        next
    end
    
  2. Create the shaping policies for the high priority cloud application traffic and the other, low priority traffic:
    config firewall shaping-policy
        edit 1
            set name "For Cloud Traffic"
            set service "ALL"
            set app-category 30
            set app-group "cloud app group"
            set dstintf "port1"
            set traffic-shaper "high-priority"
            set traffic-shaper-reverse "high-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
        edit 2
            set name "For Other Traffic"
            set service "ALL"
            set dstintf "port1"
            set traffic-shaper "low-priority"
            set traffic-shaper-reverse "low-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
    end

Related Videos

sidebar video

Application Group in Traffic Shaping Policy

  • 2,043 views
  • 5 years ago

Application groups in policies

Application groups in policies

This feature provides an application group command for firewall shaping policies.

The following CLI command is used:

config firewall shaping-policy

edit 1

set app-group <application group>...

......

next

end

Example

In this example, there are two traffic shaping policies:

  • Policy 1 is for traffic related to cloud applications that has high priority.
  • Policy 2 is for other traffic and has low priority.
To create the shaping policies using the GUI:
  1. Configure an application group for cloud applications:
    1. Go to Security Profiles > Application Signatures.
    2. Click Create New > Application Group. The New Application Group page opens.

    3. Enter a name for the group, select the type, and then add the group the members.
    4. Click OK.
  2. Create the shaping policy for the high priority cloud application traffic:
    1. Go to Policy & Objects > Traffic Shaping Policy.
    2. Click Create New. The New Shaping Policy page opens.

    3. Configure the shaping policy, selecting the previously created cloud application group, and setting both the Shared shaper and Reverse shaper to high‑priority.
    4. Click OK.
    Note

    At least one firewall policy must have application control enabled for the applications to match any policy traffic.

  3. Create the shaping policy for all other traffic, setting both the Shared shaper and Reverse shaper to low‑priority.

To create the shaping policies using the CLI:
  1. Configure an application group for cloud applications:
    config application group
        edit "cloud app group"
            set application 27210 36740 35944 24467 33048
        next
    end
    
  2. Create the shaping policies for the high priority cloud application traffic and the other, low priority traffic:
    config firewall shaping-policy
        edit 1
            set name "For Cloud Traffic"
            set service "ALL"
            set app-category 30
            set app-group "cloud app group"
            set dstintf "port1"
            set traffic-shaper "high-priority"
            set traffic-shaper-reverse "high-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
        edit 2
            set name "For Other Traffic"
            set service "ALL"
            set dstintf "port1"
            set traffic-shaper "low-priority"
            set traffic-shaper-reverse "low-priority"
            set srcaddr "all"
            set dstaddr "all"
        next
    end