Solved

How Do I Create An Application Firewall Object For ALL Traffic?

Posted on 2009-06-30
4
755 Views
Last Modified: 2012-06-27
I have a Sonicwall NSA 5000 and I am trying to limit bandwidth for a particular subnet (we do hosting).  I can see with Application Firewall I can limit bandwidth based on Application objects (MP3, HTTP, etc.).  My question is, I don't want to limit it based on type, I want to limit ALL of it - how do I create an Application object that I can use in a policy that encompasses ALL traffic from that subnet?

Thanks!
Chris
0
Comment
Question by:idealaccount
  • 2
4 Comments
 
LVL 13

Accepted Solution

by:
Ugo Mena earned 125 total points
ID: 24749488
what you want to do can be achieved with an Address Object for the subnet .. We use this setup to limit the bandwidth available to our VPN client tunnels and it works great.

but before you can start managing your bandwidth you will need to enter your WAN connection speeds within the Network Interfaces/Advanced/Bandwidth Management section (remember here that Ingress is download speed, Egress is upload speed).
Then create an Address Object range for the subnet you would like to limit.
Next from the Firewall/Access Rules section you create a rule for that Address Object with services set to Any... Next, from within the Access Rules/Advanced tab you set the Limit the connections allowed to X (think sessions here, not users)... Then from within the Access Rules/Ethernet Bandwidth Management tab you should Enable EBM and then set your Guaranteed (Min) % and Max % of your WAN's available bandwidth that can be used by that Address Object.

0
 

Author Comment

by:idealaccount
ID: 24784699
I don't want to limit sessions, though, just total, bandwidth on the interface (per-vlan basically).  I have people paying for specific amounts of bandwidth (we do hosting) so I need to limit it by amount, not session count.
0
 
LVL 13

Expert Comment

by:Ugo Mena
ID: 24836743
you dont have to enable connection limiting to use the EBM max and min bandwidth mgmt. leave it unchecked and blank and it will be limiting by bandwidth only.
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When posting a question about a Cisco ASA, Cisco Router or Cisco Switch, it can aid diagnosis if a suitably sanitised copy of the config is provided. It is much better to leave as much of the configuration as original as possible, as it could be tha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question