Fortinet white logo
Fortinet white logo

CLI Reference

config firewall shaping-policy

config firewall shaping-policy

Configure shaping policies.

config firewall shaping-policy

Description: Configure shaping policies.

edit <id>

set name {string}

set comment {var-string}

set status [enable|disable]

set ip-version [4|6]

set srcaddr <name1>, <name2>, ...

set dstaddr <name1>, <name2>, ...

set srcaddr6 <name1>, <name2>, ...

set dstaddr6 <name1>, <name2>, ...

set internet-service [enable|disable]

set internet-service-name <name1>, <name2>, ...

set internet-service-group <name1>, <name2>, ...

set internet-service-custom <name1>, <name2>, ...

set internet-service-custom-group <name1>, <name2>, ...

set internet-service-src [enable|disable]

set internet-service-src-name <name1>, <name2>, ...

set internet-service-src-group <name1>, <name2>, ...

set internet-service-src-custom <name1>, <name2>, ...

set internet-service-src-custom-group <name1>, <name2>, ...

set service <name1>, <name2>, ...

set schedule {string}

set users <name1>, <name2>, ...

set groups <name1>, <name2>, ...

set application <id1>, <id2>, ...

set app-category <id1>, <id2>, ...

set app-group <name1>, <name2>, ...

set url-category <id1>, <id2>, ...

set srcintf <name1>, <name2>, ...

set dstintf <name1>, <name2>, ...

set tos {user}

set tos-mask {user}

set tos-negate [enable|disable]

set traffic-shaper {string}

set traffic-shaper-reverse {string}

set per-ip-shaper {string}

set class-id {integer}

set diffserv-forward [enable|disable]

set diffserv-reverse [enable|disable]

set diffservcode-forward {user}

set diffservcode-rev {user}

next

end

config firewall shaping-policy

Parameter

Description

Type

Size

Default

name

Shaping policy name.

string

Maximum length: 35

comment

Comments.

var-string

Maximum length: 255

status

Enable/disable this traffic shaping policy.

option

-

enable

Option

Description

enable

Enable traffic shaping policy.

disable

Disable traffic shaping policy.

ip-version

Apply this traffic shaping policy to IPv4 or IPv6 traffic.

option

-

4

Option

Description

4

Use IPv4 addressing for Configuration Method.

6

Use IPv6 addressing for Configuration Method.

srcaddr <name>

IPv4 source address and address group names.

Address name.

string

Maximum length: 79

dstaddr <name>

IPv4 destination address and address group names.

Address name.

string

Maximum length: 79

srcaddr6 <name>

IPv6 source address and address group names.

Address name.

string

Maximum length: 79

dstaddr6 <name>

IPv6 destination address and address group names.

Address name.

string

Maximum length: 79

internet-service

Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.

option

-

disable

Option

Description

enable

Enable use of Internet Service in shaping-policy.

disable

Disable use of Internet Service in shaping-policy.

internet-service-name <name>

Internet Service ID.

Internet Service name.

string

Maximum length: 79

internet-service-group <name>

Internet Service group name.

Internet Service group name.

string

Maximum length: 79

internet-service-custom <name>

Custom Internet Service name.

Custom Internet Service name.

string

Maximum length: 79

internet-service-custom-group <name>

Custom Internet Service group name.

Custom Internet Service group name.

string

Maximum length: 79

internet-service-src

Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.

option

-

disable

Option

Description

enable

Enable use of Internet Service source in shaping-policy.

disable

Disable use of Internet Service source in shaping-policy.

internet-service-src-name <name>

Internet Service source name.

Internet Service name.

string

Maximum length: 79

internet-service-src-group <name>

Internet Service source group name.

Internet Service group name.

string

Maximum length: 79

internet-service-src-custom <name>

Custom Internet Service source name.

Custom Internet Service name.

string

Maximum length: 79

internet-service-src-custom-group <name>

Custom Internet Service source group name.

Custom Internet Service group name.

string

Maximum length: 79

service <name>

Service and service group names.

Service name.

string

Maximum length: 79

schedule

Schedule name.

string

Maximum length: 35

users <name>

Apply this traffic shaping policy to individual users that have authenticated with the FortiGate.

User name.

string

Maximum length: 79

groups <name>

Apply this traffic shaping policy to user groups that have authenticated with the FortiGate.

Group name.

string

Maximum length: 79

application <id>

IDs of one or more applications that this shaper applies application control traffic shaping to.

Application IDs.

integer

Minimum value: 0 Maximum value: 4294967295

0

app-category <id>

IDs of one or more application categories that this shaper applies application control traffic shaping to.

Category IDs.

integer

Minimum value: 0 Maximum value: 4294967295

0

app-group <name>

One or more application group names.

Application group name.

string

Maximum length: 79

url-category <id>

IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to.

URL category ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

srcintf <name>

One or more incoming (ingress) interfaces.

Interface name.

string

Maximum length: 79

dstintf <name>

One or more outgoing (egress) interfaces.

Interface name.

string

Maximum length: 79

tos

ToS (Type of Service) value used for comparison.

user

Not Specified

tos-mask

Non-zero bit positions are used for comparison while zero bit positions are ignored.

user

Not Specified

tos-negate

Enable negated TOS match.

option

-

disable

Option

Description

enable

Enable TOS match negate.

disable

Disable TOS match negate.

traffic-shaper

Traffic shaper to apply to traffic forwarded by the firewall policy.

string

Maximum length: 35

traffic-shaper-reverse

Traffic shaper to apply to response traffic received by the firewall policy.

string

Maximum length: 35

per-ip-shaper

Per-IP traffic shaper to apply with this policy.

string

Maximum length: 35

class-id

Traffic class ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

diffserv-forward

Enable to change packet's DiffServ values to the specified diffservcode-forward value.

option

-

disable

Option

Description

enable

Enable setting forward (original) traffic DiffServ.

disable

Disable setting forward (original) traffic DiffServ.

diffserv-reverse

Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.

option

-

disable

Option

Description

enable

Enable setting reverse (reply) traffic DiffServ.

disable

Disable setting reverse (reply) traffic DiffServ.

diffservcode-forward

Change packet's DiffServ to this value.

user

Not Specified

diffservcode-rev

Change packet's reverse (reply) DiffServ to this value.

user

Not Specified

config firewall shaping-policy

config firewall shaping-policy

Configure shaping policies.

config firewall shaping-policy

Description: Configure shaping policies.

edit <id>

set name {string}

set comment {var-string}

set status [enable|disable]

set ip-version [4|6]

set srcaddr <name1>, <name2>, ...

set dstaddr <name1>, <name2>, ...

set srcaddr6 <name1>, <name2>, ...

set dstaddr6 <name1>, <name2>, ...

set internet-service [enable|disable]

set internet-service-name <name1>, <name2>, ...

set internet-service-group <name1>, <name2>, ...

set internet-service-custom <name1>, <name2>, ...

set internet-service-custom-group <name1>, <name2>, ...

set internet-service-src [enable|disable]

set internet-service-src-name <name1>, <name2>, ...

set internet-service-src-group <name1>, <name2>, ...

set internet-service-src-custom <name1>, <name2>, ...

set internet-service-src-custom-group <name1>, <name2>, ...

set service <name1>, <name2>, ...

set schedule {string}

set users <name1>, <name2>, ...

set groups <name1>, <name2>, ...

set application <id1>, <id2>, ...

set app-category <id1>, <id2>, ...

set app-group <name1>, <name2>, ...

set url-category <id1>, <id2>, ...

set srcintf <name1>, <name2>, ...

set dstintf <name1>, <name2>, ...

set tos {user}

set tos-mask {user}

set tos-negate [enable|disable]

set traffic-shaper {string}

set traffic-shaper-reverse {string}

set per-ip-shaper {string}

set class-id {integer}

set diffserv-forward [enable|disable]

set diffserv-reverse [enable|disable]

set diffservcode-forward {user}

set diffservcode-rev {user}

next

end

config firewall shaping-policy

Parameter

Description

Type

Size

Default

name

Shaping policy name.

string

Maximum length: 35

comment

Comments.

var-string

Maximum length: 255

status

Enable/disable this traffic shaping policy.

option

-

enable

Option

Description

enable

Enable traffic shaping policy.

disable

Disable traffic shaping policy.

ip-version

Apply this traffic shaping policy to IPv4 or IPv6 traffic.

option

-

4

Option

Description

4

Use IPv4 addressing for Configuration Method.

6

Use IPv6 addressing for Configuration Method.

srcaddr <name>

IPv4 source address and address group names.

Address name.

string

Maximum length: 79

dstaddr <name>

IPv4 destination address and address group names.

Address name.

string

Maximum length: 79

srcaddr6 <name>

IPv6 source address and address group names.

Address name.

string

Maximum length: 79

dstaddr6 <name>

IPv6 destination address and address group names.

Address name.

string

Maximum length: 79

internet-service

Enable/disable use of Internet Services for this policy. If enabled, destination address and service are not used.

option

-

disable

Option

Description

enable

Enable use of Internet Service in shaping-policy.

disable

Disable use of Internet Service in shaping-policy.

internet-service-name <name>

Internet Service ID.

Internet Service name.

string

Maximum length: 79

internet-service-group <name>

Internet Service group name.

Internet Service group name.

string

Maximum length: 79

internet-service-custom <name>

Custom Internet Service name.

Custom Internet Service name.

string

Maximum length: 79

internet-service-custom-group <name>

Custom Internet Service group name.

Custom Internet Service group name.

string

Maximum length: 79

internet-service-src

Enable/disable use of Internet Services in source for this policy. If enabled, source address is not used.

option

-

disable

Option

Description

enable

Enable use of Internet Service source in shaping-policy.

disable

Disable use of Internet Service source in shaping-policy.

internet-service-src-name <name>

Internet Service source name.

Internet Service name.

string

Maximum length: 79

internet-service-src-group <name>

Internet Service source group name.

Internet Service group name.

string

Maximum length: 79

internet-service-src-custom <name>

Custom Internet Service source name.

Custom Internet Service name.

string

Maximum length: 79

internet-service-src-custom-group <name>

Custom Internet Service source group name.

Custom Internet Service group name.

string

Maximum length: 79

service <name>

Service and service group names.

Service name.

string

Maximum length: 79

schedule

Schedule name.

string

Maximum length: 35

users <name>

Apply this traffic shaping policy to individual users that have authenticated with the FortiGate.

User name.

string

Maximum length: 79

groups <name>

Apply this traffic shaping policy to user groups that have authenticated with the FortiGate.

Group name.

string

Maximum length: 79

application <id>

IDs of one or more applications that this shaper applies application control traffic shaping to.

Application IDs.

integer

Minimum value: 0 Maximum value: 4294967295

0

app-category <id>

IDs of one or more application categories that this shaper applies application control traffic shaping to.

Category IDs.

integer

Minimum value: 0 Maximum value: 4294967295

0

app-group <name>

One or more application group names.

Application group name.

string

Maximum length: 79

url-category <id>

IDs of one or more FortiGuard Web Filtering categories that this shaper applies traffic shaping to.

URL category ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

srcintf <name>

One or more incoming (ingress) interfaces.

Interface name.

string

Maximum length: 79

dstintf <name>

One or more outgoing (egress) interfaces.

Interface name.

string

Maximum length: 79

tos

ToS (Type of Service) value used for comparison.

user

Not Specified

tos-mask

Non-zero bit positions are used for comparison while zero bit positions are ignored.

user

Not Specified

tos-negate

Enable negated TOS match.

option

-

disable

Option

Description

enable

Enable TOS match negate.

disable

Disable TOS match negate.

traffic-shaper

Traffic shaper to apply to traffic forwarded by the firewall policy.

string

Maximum length: 35

traffic-shaper-reverse

Traffic shaper to apply to response traffic received by the firewall policy.

string

Maximum length: 35

per-ip-shaper

Per-IP traffic shaper to apply with this policy.

string

Maximum length: 35

class-id

Traffic class ID.

integer

Minimum value: 0 Maximum value: 4294967295

0

diffserv-forward

Enable to change packet's DiffServ values to the specified diffservcode-forward value.

option

-

disable

Option

Description

enable

Enable setting forward (original) traffic DiffServ.

disable

Disable setting forward (original) traffic DiffServ.

diffserv-reverse

Enable to change packet's reverse (reply) DiffServ values to the specified diffservcode-rev value.

option

-

disable

Option

Description

enable

Enable setting reverse (reply) traffic DiffServ.

disable

Disable setting reverse (reply) traffic DiffServ.

diffservcode-forward

Change packet's DiffServ to this value.

user

Not Specified

diffservcode-rev

Change packet's reverse (reply) DiffServ to this value.

user

Not Specified