-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Bandwidth throttling of online streaming using Application Firewall
10/14/2021 
33 People found this article helpful
484,922 Views
Description
Application firewall scans application layer network traffic as it passes through the gateway and looks for content that matches configured keywords. When it finds a match, it performs the configured action. It can match text or binary content. When you configure application firewall, you create policies that define the type of applications to scan, the direction, the content or keywords to match. You could also optionally define the user or domain to match, and the action to perform.
Application Firewall provides application layer bandwidth management among other things. You can use application layer bandwidth management to control the amount of network bandwidth that can be used to transfer certain file types. This allows you to discourage non-productive traffic and encourage productive traffic on your network.
EXAMPLE: Online video streaming can consume a large amount of bandwidth. This article illustrates a method of throttling the bandwidth of such traffic using Application Firewall.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
NOTE: Bandwidth Management must be enabled before following this guide. Please, refer to How to Configure Bandwidth Management.
Defining a Match Object
- Login to the SonicWall management GUI.
- Click Manage in the top navigation menu.
- Navigate to Policies | Objects | Match Object page.
- Select the option Match Object from the drop down of Add as shown in the GUI.
- In the new window that has opened, enter the following options.
- Enter the Object Name.
- From the drop down of Match Object Type select Custom Object.
- Choose the Match Type as Exact Match.
- Here all the object types you should insert in the list above.
- audio/*
- video/*
- application/x-flash
- application/flash
- application/x-shockwave
- application/shockwave
- application/pn-real
- application/x-pn-real
- application/real
- application/x-real
- application/vnd.ms.wms-hdr.asfv1
- application/mpeg
- application/audio
- application/video
- application/sound
- application/x-audio
- application/x-video
- application/x-mpeg
- application/x-sound
- application/quicktime
- application/x-quicktime
- application/mms
- application/x-mms
- application/x-mms-framed
- application/x-rtsp-tunneled
- application/x-shockwave-flash
- flv-application/octet-stream
- application/x-silverlight-app
- Click OK.
Defining an Bandwidth Object
- Navigate to Policies | Rules | Bandwidth Object page on the GUI.
- In the new window, enter the fields as you wish. EXAMPLE: we have entered the following options.
- Name: Any friendly name for the bandwidth object.
- Guaranteed Bandwidth: Enter the amount of bandwidth that this bandwidth object will guarantee to provide for a traffic class (Kbps or Mbps).
- Maximum Bandwidth: Enter the maximum amount of bandwidth that this bandwidth object will provide for a traffic class.
- Traffic Priority: Enter the priority that this bandwidth object will provide for a traffic class (highest priority is 0 and lowest priority is 7).
- Violation Action: Delay or Drop - Select the action that this bandwidth object will provide (delay or drop) when traffic exceeds the maximum bandwidth setting.
- Comment: Enter a text comment or description for this bandwidth object (optional).
Defining an Action Object
- Navigate to Policies | Objects | Action Objectt page and click Add as shown in the GUI.
- Enter the following information:
- Action Name: BW Throttle
- Select Bandwidth Management under Action.
- Check the box Enable Inbound Bandwidth Management and create a new Bandwidth Object.
- Under Guaranteed Bandwidth enter the desired bandwidth. NOTE: If throttling is the objective then the lowest possible figure should be above 1.845% of the total bandwidth. For eg. for a 1 Mbps pipe the lowest possible bandwidth is about 19 Kbps.
- Under Maximum Bandwidth enter the desired bandwidth. NOTE: If throttling is the objective then the lowest possible figure should be above 1.845% of the total bandwidth. For eg. for a 1 Mbps pipe the lowest possible bandwidth is about 19 Kbps.
- Under Bandwidth Priority select 7 lowest.
- Check the box under Enable Tracking Bandwidth Usage.
- Click OK .
Creating an Application Firewall Policy
- Navigate to Policies | Application Control and click Gear Icon. Check the box under Enable App Rules.
- Click Add New Policy.
- Enter the following information and click OK.
How to Test:
To test this scenario go to https://www.youtube.com and watch a video. You should see alerts similar to the ones shown below in the log.
TIP: To verify the effectiveness of AF bandwidth management, try adjusting the Maximum Bandwidth value in the Bandwidth - Throttle action to larger and smaller values.You should see a marked improvement/degradation in the video streaming speed demonstrating that the bandwidth throttling is working as expected.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
Defining an Application Object
- Login to the SonicWall management GUI.
- Navigate to Application Firewall | Policies page.
- Check the box under Enable Application Firewall.
- Navigate to the Application Firewall | Application Objects page.
- Click Add New Object button.
- In the Edit Applicable Firewall Object page, enter information as per the screenshot.
- Click OK .
- Here all the object types you should insert in the list above.
- audio/*
- video/*
- application/x-flash
- application/flash
- application/x-shockwave
- application/shockwave
- application/pn-real
- application/x-pn-real
- application/real
- application/x-real
- application/vnd.ms.wms-hdr.asfv1
- application/mpeg
- application/audio
- application/video
- application/sound
- application/x-audio
- application/x-video
- application/x-mpeg
- application/x-sound
- application/quicktime
- application/x-quicktime
- application/mms
- application/x-mms
- application/x-mms-framed
- application/x-rtsp-tunneled
- application/x-shockwave-flash
- flv-application/octet-stream
- application/x-silverlight-app
Enabling Bandwidth Management on the WAN interface
- Navigate to Network | Interfaces page.
- Click configure on X1 (WAN) interface.
- Click Advanced tab on the Edit Interface window.
- Enable Egress and Ingress Bandwidth Management as per your total bandwidth.
- Enter the Available Interface Egress and Ingress Bandwidth in Kbps as per your total bandwidth..
- Click OK .
Defining bandwidth management action
- Navigate to Application Firewall | Actions page.
- Click Add New Action.
- Enter the following information:
- Action Name: BW Throttle
- Select Bandwidth Management under Action.
- Check the box Enable Inbound Bandwidth Management and create a new Bandwidth Object.
- Under Guaranteed Bandwidth enter the desired bandwidth. NOTE: If throttling is the objective then the lowest possible figure should be above 1.845% of the total bandwidth. For eg. for a 1 Mbps pipe the lowest possible bandwidth is about 19 Kbps.
- Under Maximum Bandwidth enter the desired bandwidth. NOTE: If throttling is the objective then the lowest possible figure should be above 1.845% of the total bandwidth. For eg. for a 1 Mbps pipe the lowest possible bandwidth is about 19 Kbps.
- Under Bandwidth Priority select 7 lowest.
- Check the box under Enable Tracking Bandwidth Usage
- Click OK .
Creating an Application Firewall Policy
- Navigate to the Application Firewall | Policies page.
- Click Add New Policy.
- Enter the following information and click OK .
How to Test:
To test this scenario go to http://www.youtube.com and watch a video. You should see alerts similar to the ones shown below in the log.
TIP: To verify the effectiveness of AF bandwidth management, try adjusting the ‘Maximum Bandwidth’ value in the ‘Bandwidth - Throttle’ action to larger and smaller values.You should see a marked improvement/degradation in the video streaming speed demonstrating that the bandwidth throttling is working as expected.
Related Articles
- How to configure numbered VPN tunnel
- Cysurance Partner FAQ
- How can I enable Enhanced Audit Logging Support?
Categories
- Firewalls > SonicWall SuperMassive 9000 Series > Application Firewall
- Firewalls > TZ Series > Application Firewall
- Firewalls > NSa Series > Application Firewall
- Firewalls > NSv Series > Application Firewall
YES
NO