Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
akamath
Staff
Staff

Created on ‎09-22-2020 10:40 PM Edited on ‎02-05-2024 06:42 AM By Moderator

Article Id 196432

Technical Tip: Source interface in the traffic shaping policy

Description
This article describes how to add source interfaces as criteria for classifying traffic in a firewall shaping policy.

Solution
This CLI command is added.

# config firewall shaping-policy
    edit 1
        set srcintf <interface_name>
        ......
    next
end

Example.



 
 
In this example, there are two shaping policies.

- Policy 1 is for traffic from the Office to the Server, with the speed limited to 5MB/s.
- Policy 2 is for traffic from the Lab to the Server, with the speed limited to 1MB/s.
 
CLI commands to configure the FortiGate.
# config firewall shaping-policy
    edit 1
        set name "Office_Speed_5MB"
        set service "ALL"
        set srcintf "port13"
        set dstintf "port9"
        set traffic-shaper "5MB/s"
        set traffic-shaper-reverse "5MB/s"
        set srcaddr "all"
        set dstaddr "all"
    next
        edit 2
            set name "Lab_Speed_1MB"
            set service "ALL"
            set srcintf "port10"
            set dstintf "port9"
            set traffic-shaper "1MB/s"
            set traffic-shaper-reverse "1MB/s"
            set srcaddr "all"
            set dstaddr "all"
        next
    end

 

977
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.