Creating security policies
To employ the shaper, create security policies that use the shapers within the policies. Create a separate policy for each service and enable traffic shaping. For example, a policy for FTP traffic, a policy for SIP and so on.
For the following steps the VoIP traffic shaper is enabled as well as the reverse direction option. This ensures that return traffic for a VoIP call has the same guaranteed bandwidth as the outgoing call.
To enable traffic shaping in the security policy - web-based manager
1. Go to Policy > Policy > Policy and select Create New.
2. Leave the Policy Type as Firewall and leave the Policy Subtype as Address.
3. Enter the following:
Incoming interface | Internal |
Source address | All |
Outgoing interface | WAN1 |
Destination address | All |
Schedule | always |
Service | SIP |
Action | ACCEPT |
4. Select Traffic Shaping.
5. From the drop-down list, select the voip shaper created in the previous steps.
6. Select Reverse Direction Traffic Shaping.
7. Select OK.
To enable traffic shaping in the security policy - CLI
config firewall policy
edit 6
set srcintf internal
set scraddr all
set dstintf wan1
set dstaddr all
set action accept
set schedule always
set service sip
set traffic-shaper voip
set reverse-traffic-shaper voip
end
See also