Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor II

Match IPsec traffic in Shaping Profile

Dear community,


We are using a shaping profile on wan1 to prioritize the traffic with shaping policies using 5 classes.

It's working fine but I have noticed that the IPSec tunnel under wan1 is not being classified.

In the policies, I cannot select the tunnel interface to make it classified as high priority.

Should I apply an outbound shaping profile to the tunnel interface ? or what is the best practice to classify the tunnel traffic ?


Thanks for support





A traffic shaping policy can be used for interface-based traffic shaping by organizing traffic into 30 class IDs. 


In the traffic shaping policy, you can select the ipsec virtual tunnel interface to create policy.

I checked on fortios patch 7.2.7. What is your fortios version?


traffic shapping.PNG


Document for the reference:



If you have found a solution, please like and accept it to make it easily accessible to others.


Dhruvin Patel
New Contributor II



I'm running 7.0.9.

I cannot see my VPN interface in the Source Interface list.
What I did now to make sur the tunnel does not go offline if there is heavy traffic is to prioritize the ipsec protocol like that :

Am I correct ?

Thanks for support


config firewall shaping-policy
edit 8
set name "HIGH_IPSEC"
set service "ESP" "IKE" "G-A-CAPWAP"
set dstintf "virtual-wan-link"
set class-id 9
set srcaddr "all"
set dstaddr "all"

edit 5
set class-id 9
set priority critical
set guaranteed-bandwidth-percentage 10
set maximum-bandwidth-percentage 100



Top Kudoed Authors