Prerequisites:

• It is necessary to have access to the FortiGate management interface.
• The MAC addresses are the identities of the devices whose bandwidth is to be restrained.
• An understanding of how to create address objects and policies in FortiGate is required.
  
  

The process of Bandwidth Limiting can be described as follows:

Step 1: Creating an Address Object with the MAC Address.

In the GUI:

Run the FortiGate device in the browser by entering the management interface.
Navigate to Policy & Objects -> Addresses menu.
Select Create New.
Specify the Name for the given address object (for instance, User_MAC_1).
In the Type field, choose MAC Address.

Now, the user will be required to input the MAC Address of the device to be connected to the internet.
To save the address object, select the OK button.

In the CLI: 

config firewall address
    edit "MAC_Addr"
        set type mac
        set macaddr "02:09:0f:00:01:03"
    next
end

Step 2: Create a Traffic Shaper.

In the GUI:

Go to Policy & Objects and then Traffic Shapers.
Go to Create New and choose Shared Shaper.
Set the Name for the traffic shaper (for example, Limit_10Mbps).
Go to Configuration -> Maximum bandwidth and then enter the Maximum Bandwidth (for example, 10000 Kbps).
Fill in the other settings that are necessary and appropriate for the network configuration.

In the CLI:

config firewall shaper traffic-shaper

    edit "TEST"

        set guaranteed-bandwidth 10
        set maximum-bandwidth 100

    next

end

Step 3: Create the IPv4 Policy and Add the Traffic Shaper.

Note: The Traffic Shaping option in the GUI over the corresponding IPv4 Policy will only appear after it has been configured via CLI. If it is not configured through the CLI first, it will not be visible in the GUI. Additionally, once the profile is removed from the CLI, this option will disappear from the GUI again.

In the GUI:

Go to Policy & Objects and then IPv4 Policy.
Select Create New.
Specify the name of the policy. For example, Limit_User_MAC_1.
Replace the default values of the Incoming Interface and the Outgoing Interface.
Under the Source, select the + sign and choose the address object created in step 1.
Specify that the Destination is set as needed (for example All or selected).
In the Traffic Shaping section, turn on Apply Shaper Per Policy.
Choose the Traffic Shaper established in Step 2 for In and Out to optimize Internet traffic parameters.
To save the changes, select OK.

In the CLI:

config firewall policy

    edit 1

        set name "LAN-WAN"
        set srcintf "port3"
        set dstintf "port2"
        set action accept
        set srcaddr "MAC_Addr"
        set dstaddr "all"
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
        set traffic-shaper "TEST" 

        set traffic-shaper-reverse "TEST"

    next

end

Step 4: Verify the Configuration.

To ensure the configuration is working as expected, navigate to Policy & Object -> Traffic Shaping -> Traffic Shapers.

Verify the traffic matching traffic shapers and bandwidth usage or drops by session list as mentioned below:

di sys session filter dst 51.158.1.21

di sys session list

session info: proto=1 proto_state=00 duration=189 expire=60 timeout=0 refresh_dir=both flags=00000000 socktype=0 sockport=0 av_idx=0 use=3
origin-shaper=TEST prio=2 guarantee 1250Bps max 12500Bps traffic 3706Bps drops 0B 
reply-shaper=TEST prio=2 guarantee 1250Bps max 12500Bps traffic 3706Bps drops 0B 
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty os rs f00
statistic(bytes/packets/allow_err): org=347320/190/1 reply=345492/189/1 tuples=2
tx speed(Bps/kbps): 2077/16 rx speed(Bps/kbps): 2077/16
orgin->sink: org pre->post, reply pre->post dev=5->4/4->5 gwy=10.0.0.254/0.0.0.0
hook=post dir=org act=snat 172.16.10.1:5->51.158.1.21:8(10.0.0.1:60422)
hook=pre dir=reply act=dnat 51.158.1.21:60422->10.0.0.1:0(172.16.10.1:5)
misc=0 policy_id=1 pol_uuid_idx=15849 auth_info=0 chk_client_info=0 vd=0
serial=00000177 tos=ff/ff app_list=0 app=0 url_cat=0
rpdb_link_id=00000000 ngfwid=n/a
npu_state=0x000100
no_ofld_reason: npu-flag-off
total session: 1

Note: The address object configured with the 'mac' type cannot be used in the traffic shaper policy. Instead, this can be accomplished using an IPv4 policy, as outlined in the steps provided above.