Configure Traffic Shaping Rules for Policies

Applies To: Cloud-managed Fireboxes

Overview

In WatchGuard Cloud, you can configure traffic shaping rules to control traffic handled by each firewall policy. You can set the bandwidth limit available for different types of traffic or guarantee a minimum amount of bandwidth for specific traffic flows.

With Traffic Shaping, you can:

  • Guarantee bandwidth for each user
  • Guarantee bandwidth for all users combined
  • Limit bandwidth for each user
  • Limit bandwidth for all users combined

Bandwidth limits and guarantees apply only if the necessary bandwidth is available through the interface that handles the traffic. Before you implement Traffic Shaping, you must know the available bandwidth on the network and determine how much bandwidth you want to guarantee or limit for different types of traffic.

A single traffic shaping rule can apply to multiple firewall policies, but a single policy cannot have multiple traffic shaping rules.

Traffic Shaping in the Automatic Policy Order and Manual Policy Order Modes

In Automatic Policy Order mode (recommended), you can apply a traffic shaping rule only to policies of the same type. When you add a shaping rule, you select the type of policy that the rule can apply to. On the Traffic Management page, configured rules appear in groups by policy type.

In Manual Policy Order mode, traffic shaping rules can apply to policies of multiple types, so when you add a traffic shaping rule, you do not select a policy type. On the Traffic Management page, configured rules appear in a single list.

If you create traffic shaping rules that apply to policies across multiple types, before you can re-enable Automatic Policy Order mode, you must configure your rules so that they apply only to policies of the same type.

For more information about the Automatic Policy Order and Manual Policy Order modes, go to Firewall Policy Priority on Cloud-Managed Fireboxes.

For more information about policy types, go to Firewall Policy Priority on Cloud-Managed Fireboxes.

Traffic Shaping Rules and Firebox Templates

To create traffic shaping rules for multiple cloud-managed Fireboxes, you can add or edit a Firebox template. The Traffic Shaping feature is available from a Firebox template.

If you use a template to create a traffic shaping rule, you must also use the template to edit or delete the rule. If you disable a traffic shaping rule in a template, the rule does not show in the device configuration. You can apply traffic shaping rules only to policies in the same template as the rule.

For more information about templates, go to About Firebox Templates.

Add a Traffic Shaping Rule for a Policy

To add a traffic shaping rule for a policy, from WatchGuard Cloud:

  1. From Account Manager, select the account you want to add traffic shaping rules to.
  2. Select Configure > Devices.
  3. Select the cloud-managed Firebox that you want to create a traffic shaping rule for.
  4. Click Device Configuration.
    The Device Configuration page opens.
  5. Click the Traffic Shaping tile.
    The Traffic Shaping page opens.

    Screenshot of the Traffic Management UI.

  6. From Firewall Policies, click Add Traffic Shaping Rule.
    The Add Traffic Shaping Rule page opens.
  7. Select a policy type and click Next. For information about policy types, go to Firewall Policy Types on Cloud-Managed Fireboxes.

    Screenshot of the Add Rule UI.

    In Manual Policy Order mode, you do not select a policy type.

  8. In the Rule Name text box, type a name for the rule.

    Screenshot of the Add Traffic Shaping Rule page.

  9. In the Behavior section, select either Limit Bandwidth or Guarantee Bandwidth.
    • Limit Bandwidth — Set a maximum bandwidth limit that you want to allocate for traffic.
    • Guarantee Bandwidth — Set a minimum bandwidth guarantee that you want to allocate for traffic.
  10. In the Method section, select either All Users Combined or Per User.
    • All Users Combined — Set restrictions for bandwidth usage for all users combined. The bandwidth speed you define applies to all users in the policy that use the traffic shaping rule.
    • Per User — Set restrictions for bandwidth usage for each user. The bandwidth speed you define applies to each individual user in the policy that uses the traffic shaping rule.

    The total bandwidth available to each user equals the maximum number of users multiplied by the bandwidth that you enter. If the number of actual users exceeds the maximum users, the first and last users share bandwidth.

  11. Depending on the policy type selected, in the Upload or Source to Destination text box and drop-down list, specify the upload bandwidth to allocate for traffic.
  12. Depending on the policy type selected, in the Download or Destination to Source text box and drop-down list, specify the download bandwidth to allocate for traffic.
  13. In the Policies section, select the firewall policies you want to apply the traffic shaping rule to.
    If you previously assigned a different traffic rule to a policy, the policy is unavailable. In Automatic Policy Order mode, only policies of the type you selected in Step 7 show in the Policies list.

    Screenshot of the Policies section.

  14. Click Save.
    The new rule shows in the list.

    Screenshot of the rule added UI.

Disable a Traffic Shaping Rule

In WatchGuard Cloud, you can disable a traffic shaping rule from the Traffic Management page.

To disable a traffic shaping rule from Traffic Management, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox that you want to disable Traffic Shaping for.
  3. Click Device Configuration.
    The Device Configuration page opens.
  4. Click the Traffic Shaping tile.
    The Traffic Shaping page opens.
  5. From the Traffic Management page, click next to the name of a rule and select Disable.

    Screenshot of the Traffic Shaping Rules list.

Delete a Traffic Shaping Rule

You can delete a traffic shaping rule from the Traffic Shaping tab.

To delete a traffic shaping rule:

  1. On the Traffic Shaping page, from the Traffic Management section, click the name of a rule you want to delete.
    The configuration page for the rule opens .
  2. In the Policies section, clear the check box for any policy that the rule currently applies to. Click Save.

    Screenshot of the Traffic Shaping Policies list.

    Before you can delete a traffic shaping rule, you must first clear the check boxes for any policies selected in the rule.

  3. On the Traffic Shaping page, from the Traffic Management section, click next to the name of a rule and select Delete.

    Screenshot of the traffic shaping rule delete.

  4. In the Delete dialog box, click Delete.
    The rule is removed from the list.

Related Topics

Monitor Traffic Shaping on Fireboxes and FireClusters

Configure Traffic Shaping Rules for Application Control