Enabling traffic shaping in the security policy

Enabling traffic shaping in the security policy

Historically, FortiOS traffic shapers have always been enabled within a security policy.This is no longer the easiest way to apply shapers, since in FortiOS 5.4 traffic shaping is now configured in the traffic shaping policy section, under Policy & Objects > Traffic Shaping Policy. However, you can still enable traffic shapers within a security policy using CLI commands and it will then appear in the web-based manager afterwards. The shapers always go into effect after any DoS detection policies, and before any routing or packet scanning occurs.

Traffic shaping is also supported for IPv6 policies.

This is not the recommended method, as it is easier to keep track of and order your traffic shaping policies if you configure them within a traffic shaping policy.


To enable traffic shaping within a security policy- CLI:

config firewall policy edit <policy number>

set traffic-shaper <shaper name>

set reverse-traffic-shaper <shaper name>

set per-ip-shaper <per IP shaper name>


Shared shapers affect outbound traffic heading to a destination. To affect inbound traffic , or downloads, enable the Reverse Shaper, too. For more information, see Reverse direction traffic shaping on page 2487.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

One thought on “Enabling traffic shaping in the security policy

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.