Configure Traffic Shaping Rules for Policies

Applies To: Cloud-managed Fireboxes

In WatchGuard Cloud, you can configure traffic shaping rules to control traffic handled by each policy. You can set the bandwidth limit available for different types of traffic or guarantee a minimum amount of bandwidth for specific traffic flows.

Bandwidth limits and guarantees apply only if the necessary bandwidth is available through the interface that handles the traffic. Before you implement Traffic Shaping, you must know the available bandwidth on the network and determine how much bandwidth you want to guarantee or limit for different types of traffic.

You can only apply a traffic shaping rule to policies of the same type. A single traffic shaping rule can apply to multiple policies, but a single policy cannot have multiple traffic shaping rules.

With Traffic Shaping, you can:

  • Guarantee bandwidth for each user
  • Guarantee bandwidth for all users combined
  • Limit bandwidth for each user
  • Limit bandwidth for all users combined

Add a Traffic Shaping Rule for a Policy

To add a traffic shaping rule for a policy, from WatchGuard Cloud:

  1. From Account Manager, select the account you want to add traffic shaping rules to.
  2. Select Configure > Devices.
  3. Select the cloud-managed Firebox that you want to create a traffic shaping rule for.
  4. Click Device Configuration.
    The Device Configuration page opens.
  5. Click the Traffic Shaping tile.
    The Traffic Shaping page opens.

Screenshot of the Traffic Management UI.

  1. From Firewall Policies, click Add Traffic Shaping Rule.
    The Add Traffic Shaping Rule page opens.

Screenshot of the Add Rule UI.

  1. Select a policy type. For information about policy types, go to Firewall Policy Types.
  2. Click Next.

Screenshot of the Add Traffic Shaping Rule page.

  1. In the Rule Name text box, type a name for the rule.
  2. In the Behavior section, select either Limit Bandwidth or Guarantee Bandwidth.
    • Limit Bandwidth — Set a maximum bandwidth limit that you want to allocate for traffic.
    • Guarantee Bandwidth — Set a minimum bandwidth guarantee that you want to allocate for traffic.
  1. In the Method section, select either All Users Combined or Per User.
    • All Users Combined — Set restrictions for bandwidth usage for all users combined. The bandwidth speed you define applies to all users in the policy that use the traffic shaping rule.
    • Per User — Set restrictions for bandwidth usage for each user. The bandwidth speed you define applies to each individual user in the policy that uses the traffic shaping rule.

The total bandwidth available to each user equals the maximum number of users multiplied by the bandwidth that you enter. If the number of actual users exceeds the maximum users, the first and last users share bandwidth.

  1. In the Upload text box and drop-down list, specify the upload bandwidth to allocate for traffic.
  2. In the Download text box and drop-down list, specify the download bandwidth to allocate for traffic.
  3. In the Policies section, select the policies you want to apply the traffic shaping rule to.
    Only policies of the type you selected in step 6 show in the Policies list. If you previously assigned a different traffic rule to a policy, the policy is unavailable.

Screenshot of the Policies section.

  1. Click Save.
    The new rule shows in the Traffic Shaping Rules list.

Screenshot of the rule added UI.

To create traffic shaping rules for multiple cloud-managed Fireboxes, you can add or edit a Firebox template. The Traffic Shaping feature is available from a Firebox template. For more information, go to About Firebox Templates.
If you use a template to create a traffic shaping rule, you must also use the template to edit or delete the rule. If you disable a traffic shaping rule in a template, the rule does not show on the device. You can only apply traffic shaping rules to policies in the same template as the rule.

Disable a Traffic Shaping Rule

In WatchGuard Cloud, you can disable a traffic shaping rule fromthe Traffic Management page.

To disable a traffic shaping rule from Traffic Management, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox that you want to disable Traffic Shaping for.
  3. Click Device Configuration.
    The Device Configuration page opens.
  4. Click the Traffic Shaping tile.
    The Traffic Shaping page opens.
  5. From the Traffic Management page, click next to the name of a rule and select Disable.

Screenshot of the Traffic Shaping Rules list.

Delete a Traffic Shaping Rule

You can delete a traffic shaping rule from the Traffic Shaping tab.

To delete a traffic shaping rule:

  1. On the Traffic Shaping page, from the Traffic Management section, click the name of a rule you want to delete.
    The configuration page for the rule opens .
  2. In the Policies section, clear the check box for any policy that the rule currently applies to. Click Save.

Screenshot of the Traffic Shaping Policies list.

Before you can delete a traffic shaping rule, you must first clear the check boxes for any policies selected in the rule.

  1. On the Traffic Shaping page, from the Traffic Management section, click next to the name of a rule and select Delete.

Screenshot of the traffic shaping rule delete.

  1. In the Delete dialog box, click Delete.
    The rule is removed from the Traffic Shaping Rules list.

Related Topics

Monitor Traffic Shaping on Fireboxes and FireClusters

Configure Traffic Shaping Rules for Application Control