firewall : shaper per-ip-shaper
 
shaper per-ip-shaper
Use this command to configure traffic shaping that is applied per IP address, instead of per policy or per shaper. As with the shared traffic shaper, you select per-IP traffic shapers in firewall policies.
Syntax
config firewall shaper per-ip-shaper
edit <name_str>
set diffserv-forward {enable | disable}
set diffserv-reverse {enable | disable}
set diffservcode-forward <dscp_bin>
set diffservcode-rev <dscp_bin>
set max-bandwidth <kbps_int>
set max-concurrent-session <sessions_int>
end
Variable
Description
Default
edit <name_str>
Enter the name of the traffic shaper.
No default.
diffserv-forward {enable | disable}
Enable or disable application of the differentiated services code point (DSCP) value to the DSCP field of forward (original) traffic. If enabled, also configure diffservcode-forward.
disable
diffserv-reverse {enable | disable}
Enable or disable application of the differentiated services code point (DSCP) value to the DSCP field of reverse (reply) traffic. If enabled, also configure diffservcode-rev.
disable
diffservcode-forward <dscp_bin>
Enter the differentiated services code point (DSCP) value that the FortiGate unit will apply to the field of originating (forward) packets. The value is 6 bits binary. The valid range is 000000-111111.
This option appears only if diffserv-forward is set to enable.
For details and DSCP configuration examples, see the Knowledge Center article Differentiated Services Code Point (DSCP) behavior.
000000
diffservcode-rev <dscp_bin>
Enter the differentiated services code point (DSCP) value that the FortiGate unit will apply to the field of reply (reverse) packets. The value is 6 bits binary. The valid range is 000000-111111.
This option appears only if diffserv-rev is set to enable
For details and DSCP configuration examples, see the Knowledge Center article Differentiated Services Code Point (DSCP) behavior.
000000
max-bandwidth <kbps_int>
Enter the maximum amount of bandwidth available for an IP address controlled by the policy. Kbps_int can be 0 to 16 776 000 Kbits/second. If maximum bandwidth is set to 0 no traffic is allowed by the policy.
0
max-concurrent-session <sessions_int>
Enter the maximum number of sessions allowed for an IP address. sessions_int can be 0 to 2097000. If maximum concurrent sessions is 0 then no sessions are allowed.
0