Define a Traffic Management Action
Traffic Management enables you to set the maximum bandwidth available for different types of traffic and to guarantee a minimum amount of bandwidth for specific traffic flows. Both the maximum bandwidth and guaranteed bandwidth apply only if the necessary bandwidth is available through the interface that handles the traffic.
The Traffic Management configuration is flexible: you can control traffic by policy, application, traffic direction, and source IP address. For example, you can use Traffic Management Actions to:
- Limit bandwidth for HTTP for all users on the trusted interface to the Internet
- Guarantee a specific user 10 Mbps bandwidth for HTTP traffic
- Guarantee bandwidth for a specific application
- Limit bandwidth used by specific applications or application categories
- Limit the bandwidth for a group
- Limit the bandwidth used for FTP per source IP address
Before you implement Traffic Management, you must know the available bandwidth and decide how much bandwidth you want to guarantee or limit for different types of network traffic. For more information, go to Get Started with Traffic Management.
In the Traffic Management settings, 1 Kbps is equal to 1024 bits per second.
Traffic Management Action Types
The Traffic Management action type determines how the action is applied. There are three Traffic Management action types:
All Policies
An All Policies action applies to the combined bandwidth of all policies that use it. If you create an All Policies Traffic Management Action to set a maximum bandwidth of 10 Mbps and apply the action to an FTP and an HTTP policy, all connections handled by those policies share the 10 Mbps bandwidth maximum.
Per Policy
A Per Policy action applies individually to each policy that uses it. If you create a Per Policy Traffic Management Action to set a maximum bandwidth of 10 Mbps and apply the action to an FTP and an HTTP policy, connections handled by each of those policies can use a maximum of 10 Mbps.
Per IP Address
A Per IP Address action applies individually to each source IP address for all policies that use the action. If you create a Per IP Address Traffic Management Action to set a maximum bandwidth of 10 Mbps and apply the action to an FTP and an HTTP policy, the connections from each source IP address handled by those policies can use a maximum of 10 Mbps.
For a Per IP Address action, you set the Maximum Instance, which is the maximum number of source IP addresses that the action can apply to. If the number of source IP addresses exceeds the maximum instance, some source IP addresses begin to share the bandwidth settings in the action.
When the number of concurrent source IP addresses that use a Traffic Management Action exceeds the Maximum Instance for the action, a round-robin algorithm determines which source IP addresses share bandwidth. Recently connected source IP addresses share bandwidth with client IP addresses that have been connected longest. For example, if a Per IP Address action has a Maximum Instance of 10, the eleventh source IP address shares bandwidth with the first source IP address that used the action, the twelfth source IP address shares bandwidth with the second source IP address that used the action, and so on.
Each instance created for a Per IP Address action can hold up to eight IPv4 addresses and two IPv6 addresses. For a Per IP Address action, you configure the maximum number of source IP addresses that the action can apply to. If you plan to limit bandwidth for each client, we recommend that you configure more instances than the number of clients. If you configure more than the maximum number of source IP addresses that the action can apply to, a round-robin algorithm determines which source IP addresses share bandwidth.
Example Per IP Address Action
Because each instance created for a Per IP Address action can hold up to eight IPv4 addresses and two IPv6 addresses, if you plan to limit bandwidth for each client, we recommend that you specify a Maximum Instance value greater than the number of clients.
For example, to limit bandwidth for 250 IPv4 address clients, type a value of 32 Maximum Instances. This limits the bandwidth for up to 256 IPv4 addresses (32 instances), and each instance has a maximum bandwidth of approximately 750 Mbps. The number of instances and maximum bandwidth determines the bandwidth for the action. In this example, 750 Mbps x 32 instances = 24 Gbps.
In this example, the Traffic Management action has a guaranteed bandwidth of 5 Mbps for each of the 32 instances. The action prioritizes the guaranteed bandwidth first. If the action handles less than 5 Mbps of traffic for an instance, the full 5 Mbps bandwidth is not set aside from non-guaranteed traffic, but it is prioritized. The number of instances and the guaranteed bandwidth determine the bandwidth volume prioritized by the action. In this example, 5 Mbps x 32 instances = 160 Mbps.
Configure OS Compatibility
Because Traffic Management functions differently for different versions of Fireware OS, you must configure the OS Compatibility setting before you can add a Traffic Management action. If the OS Compatibility setting is unknown, Policy Manager automatically opens the OS Compatibility dialog box the first time you add a Traffic Management action. For more information about OS compatibility, see Configure Fireware OS Compatibility.
Add a Traffic Management Action
After you add a Traffic Management Action, you can apply it to policies and applications.
- Select Firewall > Traffic Management.
The Traffic Management page appears. - Select the Enable Traffic Management check box to enable Traffic Management.
- Click Add to create a new Traffic Management Action.
Or, select an action and click Edit.
The Traffic Management Action Settings page appears.
- Type a Name and a Description (optional) for the action. You use the action name to refer to the action when you assign it to a policy.
- From the Type drop-down list, select the action type.
- In the Maximum Bandwidth text box and the adjacent drop-down list, specify the maximum bandwidth to allocate for traffic managed by this action.
- In the Guaranteed Bandwidth text box and the adjacent drop-down list, specify the minimum bandwidth you would like to guarantee for traffic managed by this action.
- If this is a Per IP Address action, in the Maximum Instance text box, type the number of instances. For an example of a Per IP Address action, go to Example Per IP Address Action.
- Click Save.
To add a Traffic Management action, from Policy Manager:
- Double-click the policy for which you want to enable Traffic Management.
- Select the Advanced tab.
- Click .
Or, select Setup > Actions > Traffic Management and click Add. - Follow the steps in the next section to configure the Traffic Management Action for the version of Fireware that runs on your device.
To configure a Traffic Management Action, from Policy Manager:
- (Optional) In the Name text box, edit the name for this action.
- (Optional) In the Description text box, type a description of this action.
- From the Type drop-down list, select the action type.
- In the Maximum bandwidth text box and the adjacent drop-down list, specify the maximum bandwidth to allocate for traffic managed by this action.
- In the Guaranteed bandwidth text box and the adjacent drop-down list, specify the minimum bandwidth you would like to guarantee for traffic managed by this action.
- If this is a Per IP Address action, in the Maximum Instance text box, type the number of instances. For an example of a Per IP Address action, go to Example Per IP Address Action.
- Click OK.
If you defined the Traffic Management Action from a policy, the new action appears in the Advanced tab of the policy.
If you defined the Traffic Management Action from Setup > Actions > Traffic Management, you must add it to a policy for it to have an effect on your network. For more information, go to Add Traffic Management Actions to a Policy.
Edit, Clone, or Remove a Traffic Management Action
You can clone, edit, or remove an existing Traffic Management action.
- Select the traffic management action from the list.
- Click one of these options:
- Clone — Make a copy of the selected action
- Edit — Edit the selected action
- Remove — Remove the selected action, if it is not used by a policy
About Traffic Management and QoS