Traffic Shaping Policies
New Traffic Shaper Policy Configuration Method (269943)
Previously, traffic shapers were configured in Policy & Objects > Objects > Traffic Shapers and then applied in security policies under Policy & Objects > Policy > IPv4 . In FortiOS 5.4, traffic shapers are now configured in a new traffic shaping section in Policy & Objects > Traffic Shapers.
The way that traffic shapers are applied to policies has changed significantly in 5.4., because there is now a specific section for traffic shaping policies in Policy & Objects > Traffic Shaping Policy. In the new traffic shaping policies, you must ensure that the Matching Criteria is the same as the security policy or policies you want to apply shaping to.
There is also added Traffic Shaper support based on the following:
- Source (Address, Local Users, Groups)
- Destination (Address, FQDN, URL or category)
- Service (General, Web Access, File Access, Email and Network services, Authentication, Remote Access, Tunneling, VoIP, Messaging and other Applications, Web Proxy)
- Application
- Application Category
- URL Category
Creating Application Control Shapers
Application Control Shapers were previously configured in the Security Profiles > Application Control section, but for simplicity they are now consolidated in the same section as the other two types of traffic shapers: Shared and Per-IP.
To create an Application Control Shaper, you must first enable application control at the policy level, in Policy
& Objects > Policy > [IPv4 or IPv6]. Then, you can create a matching application-based traffic shaping policy that will apply to it, in the new Traffic Shaping section under Policy & Objects > Traffic Shaping Policy.
New attributes added to “firewall shaping-policy” (277030) (275431)
The two new attributes are status and url-category. The status attribute verifies whether the policy is set to enabled or disabled. The url-category attribute applies the shaping-policy to sessions without a URL rating when set to 0, and no web filtering is applied.
Syntax:
config firewall shaping-policy edit 1
set status enable
set url-category [category ID number]
New button added to “Clone” Shapers
You can now easily create a copy of an existing shaper by selecting the shaper and clicking the Clone button.