#config firewall shaping-policy
edit 1
set service "ALL"
set dstintf "port1"
set traffic-shaper "shared-1M-pipe"
set traffic-shaper-reverse "shared-1M-pipe"
set srcaddr "all"
set dstaddr "all"
next
endThere may be multiple traffic shaping policy applied and even traffic shaping configured on an IPv4 policy itself:#config firewall policyIt will look like this on the GUI:
edit 3
set name "Allow Internet"
set uuid 602779c8-dad4-51e9-f897-36e313f6a3bc
set srcintf "port2"
set dstintf "port1"
set srcaddr "all"
set dstaddr "all"
set action accept
set schedule "always"
set service "ALL"
set logtraffic all
set fsso disable
set traffic-shaper "Shared 500 Kbps"
set traffic-shaper-reverse "Shared 500 Kbps"
set nat enable
next
end
#diagnose system session filter src 192.168.88.1Then, to display the session, use following command :
#diagnose system session filter dport 443
#diagnose system session listFrom the output, “shared-1M-pipe” shaper is used. That means this session will be effectively shaped using this shaper.
session info: proto=6 proto_state=01 duration=79 expire=3596 timeout=3600 flags=00000000 sockflag=00000000 sockport=0 av_idx=0 use=4
origin-shaper=shared-1M-pipe prio=2 guarantee 0Bps max 131072Bps traffic 364Bps drops 520B
reply-shaper=shared-1M-pipe prio=2 guarantee 0Bps max 131072Bps traffic 364Bps drops 198404B
per_ip_shaper=
class_id=0 shaping_policy_id=1 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty os rs f00
statistic(bytes/packets/allow_err): org=7501/102/1 reply=348627/282/1 tuples=2
tx speed(Bps/kbps): 94/0 rx speed(Bps/kbps): 4401/35
orgin->sink: org pre->post, reply pre->post dev=4->3/3->4 gwy=192.168.174.254/192.168.88.1
hook=post dir=org act=snat 192.168.88.1:47322->172.217.21.228:443(192.168.174.5:47322)
hook=pre dir=reply act=dnat 172.217.21.228:443->192.168.174.5:47322(192.168.88.1:47322)
pos/(before,after) 0/(0,0), 0/(0,0)
misc=0 policy_id=3 auth_info=0 chk_client_info=0 vd=0
serial=0000993d tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id = 00000000
dd_type=0 dd_mode=0
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.