Chapter 17 Traffic Shaping for FortiOS 5.0 : Traffic shaping methods : Enabling in the security policy
  
Enabling in the security policy
All traffic shapers are enabled within a security policy, including the Application Control shapers. As such, the shapers are in effect after any DoS detection policies, and before any routing or packet scanning occurs.
Traffic shaping is also supported for IPv6 policies.
To enable traffic shaping - web-based manager
1. Go to Policy > Policy > Policy.
2. Select Create New or select an existing policy and select Edit.
3. Select Traffic Shaping.
4. Select the shaping option and select the shaper from the drop-down list.
5. Select OK.
Shapers applied in the security policy affect outbound or traffic to a destination. To affect inbound, or download, traffic, select Shared Traffic Shaper Reverse Direction. For more information, see “Reverse direction traffic shaping”.
To enable traffic shaping - CLI
config firewall policy
edit <policy_number>
...
set traffic-shaper <shaper_name>
set per-ip-shaper <shaper_name>
end
See also 
Reverse direction traffic shaping
Setting the reverse direction only
Shared policy shaping
Per-IP shaping
Application control shaping
Type of Service priority
Differentiated Services
Tos and DSCP mapping
Traffic Shaper Monitor