Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
mhornung
Staff
Staff

Created on ‎04-10-2017 06:57 AM

Technical Note: Scheduled traffic shaping with FortiOS v5.4

Description
This article explains how to achieve scheduled traffic shaping in IPv4 policies.  For example, to have policies being shaped during office hours, but not shaped out of office hours.

Solution
1. Create a new schedule for office hours.

mhornung_FD40416_tn_FD40416-1.jpg

2. Create a policy on top of the policy that is allowing the traffic 'always'.

mhornung_FD40416_tn_FD40416-2.jpg

3. Configure the shaper in the scheduled policy via CLI:
# config firewall policy
# edit 10
# set traffic-shaper shared-1M-pipe
# set traffic-shaper-reverse shared-1M-pipe
# next
# end

4. Check shaper being configured:

GUI:

mhornung_FD40416_tn_FD40416-3.jpg

CLI:
# show firewall policy 10
config firewall policy
    edit 10
        set name "MS update allow shaped"
        set uuid cf1129d2-07ec-51e7-d69a-f6cff3bc9057
        set srcintf "lan"
        set dstintf "virtual-wan-link"
        set srcaddr "LAN"
        set dstaddr "update.microsoft.com"
        set action accept
        set schedule "Mo-Fr_8-18"
        set service "ALL"
        set traffic-shaper "shared-1M-pipe"
        set traffic-shaper-reverse "shared-1M-pipe"
        set nat enable
    next
end

Labels:
845
0 Kudos
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.​

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2023 Fortinet, Inc. All Rights Reserved.