config firewall shaping-policy
Description: Configure shaping policies.
edit <id>
set name {string}
set comment {var-string}
set status [enable|disable]
set ip-version [4|6]
set srcaddr <name1>, <name2>, ...
set dstaddr <name1>, <name2>, ...
set srcaddr6 <name1>, <name2>, ...
set dstaddr6 <name1>, <name2>, ...
set internet-service [enable|disable]
set internet-service-name <name1>, <name2>, ...
set internet-service-group <name1>, <name2>, ...
set internet-service-custom <name1>, <name2>, ...
set internet-service-custom-group <name1>, <name2>, ...
set internet-service-src [enable|disable]
set internet-service-src-name <name1>, <name2>, ...
set internet-service-src-group <name1>, <name2>, ...
set internet-service-src-custom <name1>, <name2>, ...
set internet-service-src-custom-group <name1>, <name2>, ...
set service <name1>, <name2>, ...
set schedule {string}
set users <name1>, <name2>, ...
set groups <name1>, <name2>, ...
set application <id1>, <id2>, ...
set app-category <id1>, <id2>, ...
set app-group <name1>, <name2>, ...
set url-category <id1>, <id2>, ...
set srcintf <name1>, <name2>, ...
set dstintf <name1>, <name2>, ...
set tos {user}
set tos-mask {user}
set tos-negate [enable|disable]
set traffic-shaper {string}
set traffic-shaper-reverse {string}
set per-ip-shaper {string}
set class-id {integer}
set diffserv-forward [enable|disable]
set diffserv-reverse [enable|disable]
set diffservcode-forward {user}
set diffservcode-rev {user}
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
name | Shaping policy name. | string | Maximum length: 35 |
comment | Comments. | var-string | Maximum length: 255 |
status | Enable/disable this traffic shaping policy. enable: Enable traffic shaping policy. disable: Disable traffic shaping policy. |
option | - |
ip-version | Apply this traffic shaping policy to IPv4 or IPv6 traffic. 4: Use IPv4 addressing for Configuration Method. 6: Use IPv6 addressing for Configuration Method. |
option | - |
srcaddr <name> |
IPv4 source address and address group names. Address name. |
string | Maximum length: 79 |
dstaddr <name> |
IPv4 destination address and address group names. Address name. |
string | Maximum length: 79 |
srcaddr6 <name> |
IPv6 source address and address group names. Address name. |
string | Maximum length: 79 |
dstaddr6 <name> |
IPv6 destination address and address group names. Address name. |
string | Maximum length: 79 |
internet-service | Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. enable: Enable use of Internet Service in shaping-policy. disable: Disable use of Internet Service in shaping-policy. |
option | - |
internet-service-name <name> |
Internet Service ID. Internet Service name. |
string | Maximum length: 79 |
internet-service-group <name> |
Internet Service group name. Internet Service group name. |
string | Maximum length: 79 |
internet-service-custom <name> |
Custom Internet Service name. Custom Internet Service name. |
string | Maximum length: 79 |
internet-service-custom-group <name> |
Custom Internet Service group name. Custom Internet Service group name. |
string | Maximum length: 79 |
internet-service-src | Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. enable: Enable use of Internet Service source in shaping-policy. disable: Disable use of Internet Service source in shaping-policy. |
option | - |
internet-service-src-name <name> |
Internet Service source name. Internet Service name. |
string | Maximum length: 79 |
internet-service-src-group <name> |
Internet Service source group name. Internet Service group name. |
string | Maximum length: 79 |
internet-service-src-custom <name> |
Custom Internet Service source name. Custom Internet Service name. |
string | Maximum length: 79 |
internet-service-src-custom-group <name> |
Custom Internet Service source group name. Custom Internet Service group name. |
string | Maximum length: 79 |
service <name> |
Service and service group names. Service name. |
string | Maximum length: 79 |
schedule | Schedule name. | string | Maximum length: 35 |
users <name> |
Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. User name. |
string | Maximum length: 79 |
groups <name> |
Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. Group name. |
string | Maximum length: 79 |
application <id> |
IDs of one or more applications that this shaper applies application control traffic shaping to. Application IDs. |
integer | Minimum value: 0 Maximum value: 4294967295 |
app-category <id> |
IDs of one or more application categories that this shaper applies application control traffic shaping to. Category IDs. |
integer | Minimum value: 0 Maximum value: 4294967295 |
app-group <name> |
One or more application group names. Application group name. |
string | Maximum length: 79 |
url-category <id> |
IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. URL category ID. |
integer | Minimum value: 0 Maximum value: 4294967295 |
srcintf <name> |
One or more incoming (ingress) interfaces. Interface name. |
string | Maximum length: 79 |
dstintf <name> |
One or more outgoing (egress) interfaces. Interface name. |
string | Maximum length: 79 |
tos | ToS (Type of Service) value used for comparison. | user | Not Specified |
tos-mask | Non-zero bit positions are used for comparison while zero bit positions are ignored. | user | Not Specified |
tos-negate | Enable negated TOS match. enable: Enable TOS match negate. disable: Disable TOS match negate. |
option | - |
traffic-shaper | Traffic shaper to apply to traffic forwarded by the firewall policy. | string | Maximum length: 35 |
traffic-shaper-reverse | Traffic shaper to apply to response traffic received by the firewall policy. | string | Maximum length: 35 |
per-ip-shaper | Per-IP traffic shaper to apply with this policy. | string | Maximum length: 35 |
class-id | Traffic class ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
diffserv-forward | Enable to change packet's DiffServ values to the specified diffservcode-forward value. enable: Enable setting forward (original) traffic DiffServ. disable: Disable setting forward (original) traffic DiffServ. |
option | - |
diffserv-reverse | Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. enable: Enable setting reverse (reply) traffic DiffServ. disable: Disable setting reverse (reply) traffic DiffServ. |
option | - |
diffservcode-forward | Change packet's DiffServ to this value. | user | Not Specified |
diffservcode-rev | Change packet's reverse (reply) DiffServ to this value. | user | Not Specified |
config firewall shaping-policy
Description: Configure shaping policies.
edit <id>
set name {string}
set comment {var-string}
set status [enable|disable]
set ip-version [4|6]
set srcaddr <name1>, <name2>, ...
set dstaddr <name1>, <name2>, ...
set srcaddr6 <name1>, <name2>, ...
set dstaddr6 <name1>, <name2>, ...
set internet-service [enable|disable]
set internet-service-name <name1>, <name2>, ...
set internet-service-group <name1>, <name2>, ...
set internet-service-custom <name1>, <name2>, ...
set internet-service-custom-group <name1>, <name2>, ...
set internet-service-src [enable|disable]
set internet-service-src-name <name1>, <name2>, ...
set internet-service-src-group <name1>, <name2>, ...
set internet-service-src-custom <name1>, <name2>, ...
set internet-service-src-custom-group <name1>, <name2>, ...
set service <name1>, <name2>, ...
set schedule {string}
set users <name1>, <name2>, ...
set groups <name1>, <name2>, ...
set application <id1>, <id2>, ...
set app-category <id1>, <id2>, ...
set app-group <name1>, <name2>, ...
set url-category <id1>, <id2>, ...
set srcintf <name1>, <name2>, ...
set dstintf <name1>, <name2>, ...
set tos {user}
set tos-mask {user}
set tos-negate [enable|disable]
set traffic-shaper {string}
set traffic-shaper-reverse {string}
set per-ip-shaper {string}
set class-id {integer}
set diffserv-forward [enable|disable]
set diffserv-reverse [enable|disable]
set diffservcode-forward {user}
set diffservcode-rev {user}
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
name | Shaping policy name. | string | Maximum length: 35 |
comment | Comments. | var-string | Maximum length: 255 |
status | Enable/disable this traffic shaping policy. enable: Enable traffic shaping policy. disable: Disable traffic shaping policy. |
option | - |
ip-version | Apply this traffic shaping policy to IPv4 or IPv6 traffic. 4: Use IPv4 addressing for Configuration Method. 6: Use IPv6 addressing for Configuration Method. |
option | - |
srcaddr <name> |
IPv4 source address and address group names. Address name. |
string | Maximum length: 79 |
dstaddr <name> |
IPv4 destination address and address group names. Address name. |
string | Maximum length: 79 |
srcaddr6 <name> |
IPv6 source address and address group names. Address name. |
string | Maximum length: 79 |
dstaddr6 <name> |
IPv6 destination address and address group names. Address name. |
string | Maximum length: 79 |
internet-service | Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used. enable: Enable use of Internet Service in shaping-policy. disable: Disable use of Internet Service in shaping-policy. |
option | - |
internet-service-name <name> |
Internet Service ID. Internet Service name. |
string | Maximum length: 79 |
internet-service-group <name> |
Internet Service group name. Internet Service group name. |
string | Maximum length: 79 |
internet-service-custom <name> |
Custom Internet Service name. Custom Internet Service name. |
string | Maximum length: 79 |
internet-service-custom-group <name> |
Custom Internet Service group name. Custom Internet Service group name. |
string | Maximum length: 79 |
internet-service-src | Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used. enable: Enable use of Internet Service source in shaping-policy. disable: Disable use of Internet Service source in shaping-policy. |
option | - |
internet-service-src-name <name> |
Internet Service source name. Internet Service name. |
string | Maximum length: 79 |
internet-service-src-group <name> |
Internet Service source group name. Internet Service group name. |
string | Maximum length: 79 |
internet-service-src-custom <name> |
Custom Internet Service source name. Custom Internet Service name. |
string | Maximum length: 79 |
internet-service-src-custom-group <name> |
Custom Internet Service source group name. Custom Internet Service group name. |
string | Maximum length: 79 |
service <name> |
Service and service group names. Service name. |
string | Maximum length: 79 |
schedule | Schedule name. | string | Maximum length: 35 |
users <name> |
Apply this traffic shaping policy to individual users that have authenticated with the FortiGate. User name. |
string | Maximum length: 79 |
groups <name> |
Apply this traffic shaping policy to user groups that have authenticated with the FortiGate. Group name. |
string | Maximum length: 79 |
application <id> |
IDs of one or more applications that this shaper applies application control traffic shaping to. Application IDs. |
integer | Minimum value: 0 Maximum value: 4294967295 |
app-category <id> |
IDs of one or more application categories that this shaper applies application control traffic shaping to. Category IDs. |
integer | Minimum value: 0 Maximum value: 4294967295 |
app-group <name> |
One or more application group names. Application group name. |
string | Maximum length: 79 |
url-category <id> |
IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to. URL category ID. |
integer | Minimum value: 0 Maximum value: 4294967295 |
srcintf <name> |
One or more incoming (ingress) interfaces. Interface name. |
string | Maximum length: 79 |
dstintf <name> |
One or more outgoing (egress) interfaces. Interface name. |
string | Maximum length: 79 |
tos | ToS (Type of Service) value used for comparison. | user | Not Specified |
tos-mask | Non-zero bit positions are used for comparison while zero bit positions are ignored. | user | Not Specified |
tos-negate | Enable negated TOS match. enable: Enable TOS match negate. disable: Disable TOS match negate. |
option | - |
traffic-shaper | Traffic shaper to apply to traffic forwarded by the firewall policy. | string | Maximum length: 35 |
traffic-shaper-reverse | Traffic shaper to apply to response traffic received by the firewall policy. | string | Maximum length: 35 |
per-ip-shaper | Per-IP traffic shaper to apply with this policy. | string | Maximum length: 35 |
class-id | Traffic class ID. | integer | Minimum value: 0 Maximum value: 4294967295 |
diffserv-forward | Enable to change packet's DiffServ values to the specified diffservcode-forward value. enable: Enable setting forward (original) traffic DiffServ. disable: Disable setting forward (original) traffic DiffServ. |
option | - |
diffserv-reverse | Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value. enable: Enable setting reverse (reply) traffic DiffServ. disable: Disable setting reverse (reply) traffic DiffServ. |
option | - |
diffservcode-forward | Change packet's DiffServ to this value. | user | Not Specified |
diffservcode-rev | Change packet's reverse (reply) DiffServ to this value. | user | Not Specified |