Creating security policies
To employ the shaper, create security policies that use the shapers within the policies. Create a separate policy for each service and enable traffic shaping. For example, a policy for FTP traffic, a policy for SIP and so on.
For the following steps the VoIP traffic shaper is enabled as well as the reverse direction option. This ensures that return traffic for a VoIP call has the same guaranteed bandwidth as the outgoing call.
To enable traffic shaping in the security policy - web-based manager
1. Go to Policy & Objects > Policy > IPv4 and select Create New.
2. Enter the following:
Incoming interface | Internal interface |
Source address | All |
Outgoing interface | WAN1 |
Destination address | All |
Schedule | always |
Service | SIP |
Action | ACCEPT |
3. Select Traffic Shaping.
4. From the drop-down menu, select the voip shaper created in the previous steps.
5. Select Reverse Direction Traffic Shaping.
6. Select OK.
To enable traffic shaping in the security policy - CLI
config firewall policy
edit 6
set srcintf <internal_interface>
set scraddr all
set dstintf wan1
set dstaddr all
set action accept
set schedule always
set service sip
set traffic-shaper voip
set reverse-traffic-shaper voip
end
See also