FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to achieve scheduled traffic shaping in IPv4 policies. For example, to have policies being shaped during office hours, but not shaped out of office hours.
1. Create a new schedule for office hours.
2. Create a policy on top of the policy that is allowing the traffic 'always'.
3. Configure the shaper in the scheduled policy via CLI:
# config firewall policy # edit 10 # set traffic-shaper shared-1M-pipe # set traffic-shaper-reverse shared-1M-pipe # next # end
4. Check shaper being configured:
# show firewall policy 10 config firewall policy edit 10 set name "MS update allow shaped" set uuid cf1129d2-07ec-51e7-d69a-f6cff3bc9057 set srcintf "lan" set dstintf "virtual-wan-link" set srcaddr "LAN" set dstaddr "update.microsoft.com" set action accept set schedule "Mo-Fr_8-18" set service "ALL" set traffic-shaper "shared-1M-pipe" set traffic-shaper-reverse "shared-1M-pipe" set nat enable next end