Created on 03-07-2021 11:36 PM Edited on 01-30-2024 02:23 AM By Kate_M
Description
This article describes how to configure an application control traffic shaper.
Related document.
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/204835/configuring-application-control-t...
Solution
Create a traffic shaper or selected/adjust one of the default shapers:
#config firewall shaping-policyEnable application control in the firewall policy.
edit 1
set name "https"
set status disable
set service "ALL"
set application 34039 40568
set dstintf "wan1"
set traffic-shaper "low-priority"
set traffic-shaper-reverse "low-priority"
set srcaddr "all"
set dstaddr "all"
next
FGT # diagnose firewall shaper traffic-shaperNote.
name low-priority
maximum-bandwidth 125 KB/sec
guaranteed-bandwidth 125 KB/sec
current-bandwidth 125 KB/sec
priority 4
overhead 0
tos ff
packets dropped 2108
bytes dropped 2812798
# diag sys session list
session info: proto=6 proto_state=11 duration=129 expire=3587 timeout=3600 flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=low-priority prio=4 guarantee 125000Bps max 125000Bps traffic 227Bps drops 0B
reply-shaper=low-priority prio=4 guarantee 125000Bps max 125000Bps traffic 227Bps drops 0B
per_ip_shaper=
class_id=0 shaping_policy_id=1 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty ndr os rs f00 app_valid
statistic(bytes/packets/allow_err): org=1544/13/1 reply=4363/11/1 tuples=2
tx speed(Bps/kbps): 11/0 rx speed(Bps/kbps): 33/0
orgin->sink: org pre->post, reply pre->post dev=5->3/3->5 gwy=192.168.55.1/10.10.0.100
hook=pre dir=org act=noop 10.10.0.100:42816->74.125.133.119:443(0.0.0.0:0)
hook=post dir=reply act=noop 74.125.133.119:443->10.10.0.100:42816(0.0.0.0:0)
pos/(before,after) 0/(0,0), 0/(0,0)
src_mac=52:54:00:03:75:67
misc=0 policy_id=13 auth_info=0 chk_client_info=0 vd=0
serial=000335e4 tos=ff/ff app_list=2000 app=31077 url_cat=0
sdwan_mbr_seq=0 sdwan_service_id=0
rpdb_link_id=00000000 rpdb_svc_id=0 ngfwid=n/a
npu_state=0x041008
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.