In a large network with many computers, the volume of data that moves through the firewall can be very large. A network administrator can use Traffic Management and Quality of Service (QoS) actions to prevent data loss for important business applications, and to make sure mission-critical applications take priority over other traffic.
Traffic Management and QoS provide a number of benefits. You can:
To apply traffic management to policies, you define a Traffic Management action, which is a collection of settings that you can apply to one or more policy definitions. This way you do not need to configure the traffic management settings separately in each policy. You can define additional Traffic Management actions if you want to apply different settings to different policies.
For performance reasons, all traffic management and QoS features are disabled by default. You must enable these features in Global Settings before you can use them.
Bandwidth reservations can prevent connection timeouts. A traffic management queue with reserved bandwidth and low priority can give bandwidth to real-time applications with higher priority when necessary without disconnecting. Other traffic management queues can take advantage of unused reserved bandwidth when it becomes available.
For example, suppose your company has an FTP server on the external network and you want to guarantee that FTP always has at least 200 kilobytes per second (KBps) through the external interface. You might also consider setting a minimum bandwidth from the trusted interface to make sure that the connection has end-to-end guaranteed bandwidth. To do this, you would create a Traffic Management action that defines a minimum of 200 KBps for FTP traffic on the external interface. You would then create an FTP policy and apply the Traffic Management action. This will allow ftp put at 200 KBps. If you want to allow ftp get at 200 KBps, you must configure the FTP traffic on the trusted interface to also have a minimum of 200 KBps.
As another example, suppose your company uses multimedia materials (streaming media) to train external customers. This streaming media uses RTSP over port 554. You have frequent FTP uploads from the trusted to external interface, and you do not want these uploads to compete with your customers ability to receive the streaming media. To guarantee sufficient bandwidth, you could apply a Traffic Management action to the external interface for the streaming media port.
The guaranteed bandwidth setting works with the Outgoing Interface Bandwidth setting configured for each interface to make sure you do not guarantee more bandwidth than actually exists. This setting also helps you make sure the sum of your guaranteed bandwidth settings does not fill the link such that non-guaranteed traffic cannot pass. For example, suppose the link is 1 Mbps and you try to use a Traffic Management action that guarantees 973 Kbps (0.95 Mbps) to the FTP policy on that link. With these settings, the FTP traffic could use so much of the available bandwidth that other types of traffic cannot use the interface.
To preserve the bandwidth that is available for other applications, you can restrict the amount of bandwidth for certain traffic types or applications. This can also discourage the use of certain applications when users find that the speed of the application’s performance is significantly degraded.
The Maximum Bandwidth setting in a Traffic Management action enables you to set a limit on the amount of traffic allowed by the Traffic Management action.
For example, suppose that you want to allow FTP downloads but you want to limit the speed at which users can download files. You can add a Traffic Management action that has the Maximum bandwidth set to a low amount on the trusted interface, such as 100 kbps. This can help discourage FTP downloads when the users on the trusted interface find the FTP experience is unsatisfactory.
QoS marking creates different types of service for different kinds of outbound network traffic. When you mark traffic, you change up to six bits on packet header fields defined for this purpose. Other devices can make use of this marking and provide appropriate handling of a packet as it travels from one point to another in a network.
You can enable QoS marking for an individual interface or an individual policy. When you define QoS marking for an interface, each packet that leaves the interface is marked. When you define QoS marking for a policy, all traffic that uses that policy is also marked.
You can assign different levels of priority either to policies or for traffic on a particular interface. Traffic prioritization at the firewall allows you to manage multiple type of service (ToS) queues and reserve the highest priority for real-time or streaming data. A policy with high priority can take bandwidth away from existing low priority connections when the link is congested so traffic must compete for bandwidth.
Set Connection Rate Limits
Set Outgoing Interface Bandwidth
About QoS Marking
Define a Traffic Management Action