FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
This article explains how to apply a traffic shaper to an application in an “Application Control” security profile. For example, to shape the traffic for windows updates.
1. Add the signature as an application override to the profile via GUI or CLI.
(root) # config application list (list) # edit default (default) # config entries (entries) # edit 1 (1) # set application 16009 (1) # set action pass (1) # set log disable (1) # next (entries) # end (default) # end (root) #
2. Configure the required traffic shaper for the application (CLI only).
(root) # config application list (list) # edit default (default) # config entries (entries) # edit 1 (1) # set shaper shared-1M-pipe (1) # set shaper-reverse shared-1M-pipe (1) # next (entries) # end (default) # end (root) #
3. Verify shaper(s) being in place.
(root) # show application list default config application list edit "default" set comment "Monitor all applications." set app-replacemsg disable set unknown-application-action block set unknown-application-log enable config entries edit 1 set application 16009 set action pass set log disable set shaper "shared-1M-pipe" set shaper-reverse "shared-1M-pipe" next edit 2 set category 2 6 19 28 next edit 3 set category 8 12 set action pass set log disable next edit 4 set action pass next end next end