FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vdralio
Staff
Staff
Article Id 191943

Description

 

This article explains how to apply traffic-shaping in a firewall policy.

 

Scope

 

Any supported version of FortiGate.

 

In FortiOS version 5.2, traffic shaping was configured over the firewall policy.

By default, if the intention was to apply traffic shaping, it was only necessary to create a shaper and direct it to a firewall policy.

 

From 5.6 FortiOS versions there is no option to create a shaper for a firewall policy in the GUI. This can only be done through the CLI.

 

Solution

 

Traffic shaping in a firewall policy needs to be configured using the CLI. There is currently no method to enable traffic shaping in the GUI. After adding, it will be possible to modify the policy in the GUI.

If traffic shaping is removed through the GUI and the firewall policy has been saved, it will be necessary to use the CLI to create it again.

 

Follow the steps below to create traffic shaping in a firewall poliy:


1) Go to Policy&Objects -> IPv4 Policy, right-click the policy for which traffic shaping will be configured, and select 'Edit in CLI'.


 
2) Configure the following inside the policy through the CLI:
 
# set traffic-shaper <shaper name>
set reverse-traffic-shaper <shaper name>
end
 
Note: In recent versions of FortiGate, 'traffic-shaper-reverse' is used in place of 'reverse-traffic-shaper'. Try both if necessary.
 
Alternatively, go directly from CLI to the specific firewall policy and enable traffic shaping:
 
# config firewall policy
    edit <fw_policy_id>
        set traffic-shaper <shaper name>
        set reverse-traffic-shaper <shaper name>
    end
end
 
4) Once configured, the traffic shaping configuration will be visible under the policy section in the GUI:
 
 
These steps must be completed for every individual policy to which shaping will be applied.
 

Related articles:

Technical Tip: How to configure and check which traffic shaper is used

Technical Tip: Monitoring 'Traffic Shaping'

Technical Tip: Application control based traffic shaper

Traffic shaping policies - FortiGate documentation

Contributors