Support Forum
winonawhiley
New Contributor

Slow Facebook down to "dial-up speed"

We have a FWF40c (v4.0, build4054, 111202 (MR3)); we don't have any of the FortiGuard services. All internal IPs are static and we are not running Active Directory, just simple Windows authentication. There are a few people who are wasting time using Facebook during work hours. We cannot block the Internet, as these folks have to use the Internet to perform their jobs. Furthermore, the boss does not want to block FB entirely; he wants to slow it down to dial-up speed so people will get frustrated on their own and just stop using it. His thoughts, not mine, but he's the boss. So my mission is to come up with a way to do this. Unfortunately I am a newbie in the networking world and not sure where to start. My understanding is that Application Control only works with a subscription. Therefore, I was thinking of creating an IP pool of 128.10.0.[201-209] (these are the offenders), creating a firewall object for facebook.com as an FQDN, then creating a policy to shape traffic associated with that object. Am I on the right track? Or can my boss's assignment even be accomplished without subscriptions?
rwpatterson
Valued Contributor III

ORIGINAL: ede_pfau
I know that this will cut my reputation a bit... but I confess I googled for "subnet calculator" and used the first web site that came up to determine the matching subnet mask. Practice over studying, I guess.

I still calculate it in my head, then compare it with the app I have on my PC...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

winonawhiley

Update: I ran into issues and wasn't sure if it was me or the 40C. I had so many different addresses and policies I just wasn't sure. So I backed up the working config and replaced it with an old Linksys for now. I brought the 40C home temporarily as my firewall at home and performed an "execute factoryreset". Then I configured it with FortiExplorer so I couldn't muck it up. Weird though: after the factory reset and setting it up with FortiExplorer, I still had to add the route 0.0.0.0/0.0.0.0. Odd; I never had to do that before when doing the initial setup. Again, Firmware Version v4.0, build4054, 111202 (MR3).

Setup was as follows:

Created shared Traffic Shaper "Facebook 5k Shaper":
Traffic Priority - low
Max bandwidth - 5000

Created Application Sensor using Application and chose Facebook:
Monitor
Traffic shaping - Facebook 5k Shaper
Reverse Direction - Facebook 5k Shaper
Packet logging - yes

Problem with the settings here: after I configure these settings, click OK and then click Apply on the main page, I go back and look and the traffic shaper and reverse traffic shaper revert to the default setting of unchecked with no shapers chosen. Am I doing something wrong that it doesn't retain the settings?
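The same setup expressed in the FortiOS CLI, as an added example that is not from the post or from Fortinet's own documentation. It assumes the 4.0 MR3 command names shown, the interface names internal and wan1, the policy ID, the address object for the offending PCs from the opening post, and an application ID for Facebook (15832 is an assumption; confirm the ID against the unit's own Application Control list before using it). Shaper bandwidth on this platform is entered in kbit/s, so 56 is used here as roughly a dial-up modem; the thread's own shaper is named "Facebook 5k Shaper".

```fortios
# Added example, not the poster's configuration. Names, IDs and the
# Facebook application ID are assumptions; verify on your own unit.

# 1. Shared shaper: low priority, hard cap in kbit/s.
config firewall shaper traffic-shaper
    edit "Facebook 5k Shaper"
        set maximum-bandwidth 56
        set guaranteed-bandwidth 0
        set priority low
    next
end

# 2. Address object for the offending PCs (range from the opening post).
config firewall address
    edit "FB-offenders"
        set type iprange
        set start-ip 128.10.0.201
        set end-ip 128.10.0.209
    next
end

# 3. Application sensor: pass Facebook, log it, and apply the shaper in
#    both directions. Reverse-direction shaping is what limits downloads
#    to the client, which is the direction users notice.
config application list
    edit "Facebook-throttle"
        config entries
            edit 1
                set application 15832
                set action pass
                set log enable
                set shaper "Facebook 5k Shaper"
                set shaper-reverse "Facebook 5k Shaper"
            next
        end
    next
end

# 4. Firewall policy for those PCs only; UTM must be on for the
#    application list to be consulted.
config firewall policy
    edit 1
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "FB-offenders"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ANY"
        set utm-status enable
        set application-list "Facebook-throttle"
        set nat enable
    next
end
```

After the policy is in place, `show application list Facebook-throttle` should echo the two shaper lines; if they are absent, the sensor was saved without them, which is the symptom the post describes.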
Dave_Hall
Honored Contributor

Problem with the settings here. After I configure these settings, click OK and then click Apply on the main page, I go back and look and the traffic shaper and reverse traffic shaper revert to the default setting of unchecked with no shapers chosen. Am I doing something wrong that it doesn't retain the settings?
I have only personally seen this happen while using an incompatible web browser and/or when I forget to purge/clear the browser cache after a firmware upgrade. Make sure you are editing the correct Application Sensor, too. If you have created a new Application Sensor, the default one will always show up first in the list (e.g. use the pull-down tab at the top right side of the page to choose your Application Sensor). Edit: I do see you have added a Facebook sensor to "default" in your screenshot; check whether you haven't actually created it under another Application Sensor too.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

ede_pfau
SuperUser

I don't think you're doing anything wrong. The checkboxes indicate that you want to modify the selected item; they are not indicating a status. Besides, you should notice that the AppControl is in effect, or at least that apps are logged.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
winonawhiley
New Contributor

Thanks folks. I apologize for not getting back out here sooner; you responded to me right away and I dropped the ball in getting back to you with feedback so we can close the thread as solved. With that said, all is working. Here is what I found out:

Browsers matter. IE8 gets stupid sometimes, even with the latest Flash BHOs, so I use Chrome with the FGT web interface.

App Control works without the bundled services. Reverse traffic shaping is where it is at: we have slowed FB down to a crawl. The boss told his people he didn't care if FB was slow; he wasn't paying to fix it when they shouldn't be using it anyway.

I also learned that even with slow dial-up speeds, after they visit a few times it gets faster because Temporary Internet Files cache some of the files. So I set the gal's machine to dump files at each and every browser close. That way it has to re-download it all again. That was about the only bump in the road.

I do see another bump coming... This office shares its Internet connection and the 40C with another office in the building. Their boss is much more laid back. So the day is coming soon when he tells me to fix it for them. At that point I am thinking I will have to put each office on its own VLAN and then apply those settings only to our VLAN. I am hoping that will be the right course of action.

Again, thank you for your assistance, direction and patience with me, a networking guy in training! If you guys can point me to some reading, videos and other tutorials for the FortiGates and subnetting in general I would appreciate that; I have so much to learn and no time to do it.
ede_pfau
SuperUser

Glad it's working now. I have my doubts whether throttling FB on your LAN makes sense when at the same time your neighbours are wasting the bandwidth... but that's politics, not networking.

Yes, you could separate the LANs into two VLANs. VLAN interfaces are created as sub-interfaces of a physical port, in your case 'internal'. Your switches will have to support VLANs as well, putting incoming traffic from the PCs onto a VLAN (tagging). I've got no idea how big your office is and whether your existing switches are VLAN capable, but... I've grown very fond of the Netgear Smart Switches like the GS108Tv2 for small installations. They even have a web interface, support VLAN tagging and QoS and a lot more at a very decent price.

'Poor man's VLAN' would work too: separate the offices by address space, like the lower half of a /24 network for office1 and the upper half for office2. Of course, this will not work if you configure the PCs for DHCP (you could use DHCP with reserved addresses, but that would somehow eliminate the benefits of DHCP). And if only one of your office users is clever enough to put his/her PC onto a different IP address, the whole scheme will break down. So, VLANs are the way to go, or better still, separate WAN lines.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
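The 'poor man's VLAN' split from the reply above, worked out with Python's standard library so the two office ranges, their masks and the policy behaviour can be read off rather than taken from a subnet calculator. This is an added example, not code from the thread; the /24 used (192.168.1.0/24) and the host addresses are constructed for illustration and are not the offices' real addressing.

```python
# Added example (not from the thread): split one /24 into a lower and an
# upper half, render each half the way a FortiGate address object expects
# it, and show why an address-based split breaks as soon as a PC is
# renumbered into the other half. All addresses below are constructed.
import ipaddress
from typing import Dict, Optional


def split_office_space(network: str):
    """Split an IPv4 network into its lower and upper halves.

    For 192.168.1.0/24 this yields 192.168.1.0/25 (.0-.127, office1)
    and 192.168.1.128/25 (.128-.255, office2).
    """
    net = ipaddress.ip_network(network, strict=True)
    lower, upper = list(net.subnets(prefixlen_diff=1))
    return lower, upper


def fortigate_subnet(net: ipaddress.IPv4Network) -> str:
    """Render a network as 'address netmask', the form a FortiGate
    'set subnet' line takes, e.g. '192.168.1.128 255.255.255.128'."""
    return f"{net.network_address} {net.netmask}"


def usable_hosts(net: ipaddress.IPv4Network) -> int:
    """Host addresses in the range, excluding network and broadcast."""
    return net.num_addresses - 2


def office_for(ip: str, offices: Dict[str, ipaddress.IPv4Network]) -> Optional[str]:
    """Return the office whose range contains ip, or None if it is in
    neither (for example a PC renumbered outside the /24)."""
    addr = ipaddress.ip_address(ip)
    for name, net in offices.items():
        if addr in net:
            return name
    return None


def is_shaped(ip: str, offices: Dict[str, ipaddress.IPv4Network], shaped_office: str) -> bool:
    """Would a policy whose srcaddr is the shaped office's range match
    this source IP?  This is purely address-based, which is the weakness
    the reply points out: move the PC to the other half and it escapes."""
    return office_for(ip, offices) == shaped_office


if __name__ == "__main__":
    lower, upper = split_office_space("192.168.1.0/24")
    offices = {"office1": lower, "office2": upper}
    for name, net in offices.items():
        print(f"{name}: {net}  ->  set subnet {fortigate_subnet(net)}  "
              f"({usable_hosts(net)} usable hosts)")
    for host in ("192.168.1.50", "192.168.1.200"):
        print(f"{host}: office={office_for(host, offices)} "
              f"shaped={is_shaped(host, offices, 'office1')}")
```

The last loop is the caveat in the reply made concrete: the PC at .50 is matched by an office1 policy, but the same PC renumbered to .200 is classified as office2 and is no longer shaped. With static addressing nothing on the network stops that change, which is why VLANs (or separate WAN lines) are the more robust answer.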