Technical Tip: Shaping-profile installed to FortiGate behavior

Description

This article describes the behavior why a firewall shaping-profile will install to FortiGate even does not being used at the policy or interface level directly. From this observation, the unwanted configuration is to be pushed to FortiGate.

Scope

FortiManager, FortiGate.

Solution

Basically, shaping-profile will not observed to be install if not directly being used in policy level. Following FortiGate behavior, when creating a 'traffic-class', this need to be under 'shaping-profile', where basically this is being used in 'shaping-policy'.

Hence, in FortiManager's perspective, all this can be configured under:

Policy & Objects -> Firewall Objects -> Shaping Profile -> Additional Shaping Groups -> Create New.

To check the specific id and class-id is as per below:

Policy & Objects -> Advanced-> CLI Configurations -> Search (firewall -> shaping-profile) -> Firewall shaping-profile -> Edit.

Then, this class-id is used and referenced in shaping-policy as per below:

Policy & Objects -> Policy Packages -> Traffic Shaping Policy -> Create New -> Enable Assign shaping class ID -> Select Traffic shaping class ID -> Select Traffic Class.

Therefore, the expectation to see the shaping-profile shown in Install Preview for this scenario is an expected behavior.

Related documents:

Traffic shaping profiles 
Technical Tip: Using Traffic Shaping with Class ID to Prioritize Traffic