An administrator creates a firewall policy with a traffic shaper to limit bandwidth for guest wireless users. After applying the policy, users can still consume high bandwidth. The administrator confirms the policy is matching. What is the MOST likely reason the traffic shaper is not effective?
Even if a shaper is defined, it must be explicitly assigned in the policy's 'Traffic Shaper' or 'Per-IP Shaper' field. If left as 'None', no shaping occurs.
Why this answer
Option C is correct because in FortiGate, a traffic shaper must be explicitly selected in the 'Traffic Shaper' field of the firewall policy to be applied. Simply creating a shaper and configuring it is insufficient; the policy's shaper field links the shaper to the traffic. Without this link, the shaper is not enforced, even if the policy matches.
Exam trap
The trap here is that candidates assume creating a traffic shaper automatically applies it to all matching traffic, but FortiGate requires explicit assignment in the firewall policy's shaper field to enforce the limit.
How to eliminate wrong answers
Option A is wrong because setting the maximum bandwidth too high would still limit bandwidth, just at a higher threshold; it would not cause the shaper to be completely ineffective. Option B is wrong because traffic shapers in FortiGate are applied per policy and control both ingress and egress directions based on the shaper type (e.g., per-policy shaper applies to both directions); direction misconfiguration would not render the shaper entirely ineffective. Option D is wrong because a per-IP shaper applied to a subnet is valid and would limit each individual IP's bandwidth; it would not cause the shaper to be ineffective.