Configuring Bandwidth Management for HTTP Websites using App Rules feature
10/14/2021 1,101 People found this article helpful 491,723 Views
Description
From SonicOS 5.8 onwards, Application Control Advanced, CFS and IPS can be configured using the SonicWall Application Firewall infrastructure under Firewall | App Rules. This article illustrates how to configure bandwidth management to limit bandwidth for http sites using App Rules.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
Create a Bandwidth Object:
To create a bandwidth Object,
- Navigate to Manage | Firewall Settings | Bandwidth Management
- Set the Bandwidth Management type to Advanced and Click on Accept.
- Navigate to Manage | Objects | Bandwidth Objects
- Click on Add and Provide a Friendly Name
- Guaranteed Bandwidth, Maximum Bandwidth and Traffic Priority values can be set as per your requirement.
- Set the Violation Action to Delay and Save the Settings.
Create an Action Object:
- Navigate to Manage | Objects | Action Objects.
- Click on Add New Action Object.
- Provide a friendly name and set the action object type to 'Bandwidth Management'
- Bandwidth Aggregation Method needs to be set to Per Policy
- Enable the Egress and Ingress Bandwidth Management and select the newly created bandwidth object from the drop down list and click Ok.
- Enable Tracking Bandwidth usage.
Create a Match Object with the Websites that needs Bandwidth limitations:
- Navigate to Manage | Objects | Match Objects.
- Click on 'Add New Match Object'
- Provide a Friendly Object Name
- Match object type should be HTTP host
- Set the Match type to Partial Match
- Type the websites that you want to limit and click on Add.
- Click on OK to save the settings.
Now we have the Action Object and Match Object created, we need to create an App Rule and apply the Address object and Match Object to the rule.
Create an App Rule and Apply the Action object and Match Object in the Rule:
- Navigate to Manage | Rules | App rules.
- Check the Box 'Enable App Rules'.
- Click on 'Add new Policy'.
- Give a Policy Name.
- Policy Type: HTTP Client
- Destination Service: HTTP
- You can exclude an Address object under 'Exclusion Address'
- Select the recently created Match Object in the 'Match Object' drop down.
- Select the newly created Action Object in the 'Action Objects 'drop down.
- You can include/exclude Users/ User Groups.
- You can schedule the rule using the schedule option.
- Set the connection side to client side and direction to Advanced.
- Click on OK to save the settings.
- At this point, the Bandwidth Management should be Applied to the Websites configured in the App Rules.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Create a Bandwidth Object:
In 5.8 Firmware versions and Below, the Bandwidth Values are entered in the Action Object itself but Firmware 5.9 and above provides option to create a Bandwidth object separately and use the same in the Action Object.
To create a bandwidth Object,
- Navigate to Firewall Settings | BWM
- Set the Bandwidth Management type to Advanced and Click on Accept.
- Navigate to Firewall | Bandwidth Objects
- Click on Add and Provide a Friendly Name
- Guaranteed Bandwidth, Maximum Bandwidth and Traffic Priority values can be set as per your requirement.
- Set the Violation Action to Delay and Save the Settings.
Create an Action Object:
- Navigate to Firewall | Action Objects.
- Click on Add New Action Object.
- Provide a friendly name and set the action object type to 'Bandwidth Management'
- Bandwidth Aggregation Method needs to be set to Per Policy
- Enable the Egress and Ingress Bandwidth Management and select the newly created bandwidth object from the drop down list and click Ok.
- Enable Tracking Bandwidth usage.
Create a Match Object with the Websites that needs Bandwidth limitations:
- Navigate to Firewall | Match Objects.
- Click on 'Add New Match Object'
- Provide a Friendly Object Name
- Match object type should be HTTP host
- Set the Match type to Partial Match
- Type the websites that you want to limit and click on Add.
- Click on OK to save the settings.
Now we have the Action Object and Match Object created, we need to create an App Rule and apply the Address object and Match Object to the rule.
Create an App Rule and Apply the Action object and Match Object in the Rule:
- Navigate to Firewall | App rules.
- Check the Box 'Enable App Rules'.
- Click on 'Add new Policy'.
- Give a Policy Name.
- Policy Type: HTTP Client
- Destination Service: HTTP
- You can exclude an Address object under 'Exclusion Address'
- Select the recently created Match Object in the 'Match Object' drop down.
- Select the newly created Action Object in the 'Action Objects 'drop down.
- You can include/exclude Users/ User Groups.
- You can schedule the rule using the schedule option.
- Set the connection side to client side and direction to Advanced.
- Click on OK to save the settings.
- At this point, the Bandwidth Management should be Applied to the Websites configured in the App Rules.
Related Articles
Categories
Was This Article Helpful?
YESNO