Note: This topic applies to the Leeds Release.
Bandwidth Management shaping is a licensed feature of your Smoothwall. Bandwidth Management allows you to shape the traffic throughput of specified external or bridged interfaces. It provides you with the ability to create multi-tiered, application-aware, bandwidth shaping policies.
Bandwidth Management provides the following features:
- The ability to create classes of service that guarantee bandwidth allocation to a specific IP address, or groups of IP addresses
- The ability to create classes of service that restrict available bandwidth for a specific IP address, or groups or IP addresses
- The ability to create classes of service that offer a “best efforts” bandwidth allocation
- The ability to guarantee a minimum bandwidth allocation available for specific applications
- The ability to restrict specific applications to a maximum bandwidth allocation
- The ability to equally reduce the quality of service within a class of service group
Note: Traffic to and from the Smoothwall’s administration user interface, user portal, and SSH traffic to the Smoothwall, is not limited, as an error in configuration may prevent access.
However, the following limitations apply:
- Only traffic using external, or bridged ports can be shaped.
- Bandwidth Management does not block applications from accessing the internet. For a detailed description of how to block applications, see Managing Block Pages .
- Traffic that is redirected through Guardian is not classified as originating from the client, but from your Smoothwall instead.
Note: Traffic shaping configured in the Guardian add-on module may overlap with configuration in Bandwidth Management. In such cases, both configuration rules are applied, however, the smallest limit always overrides the latter. For example, if Guardian has a policy to limit “news” traffic to two megabits per second, but Bandwidth Management limits all HTTP traffic to only one megabit per second, only the Bandwidth Management limit is applied.
It should be noted that not all applications are classified perfectly. This particularly applies to protocols which are designed to avoid detection, such as BitTorrent, or some peer-to-peer protocols. In some cases, such traffic may be classified as
Typically, such protocols use more bandwidth. To guarantee that the protocols are restricted, you can create a policy which restricts the amount of available bandwidth for unknown traffic, and add exceptions for allowed protocols. However, it should be noted that the majority of connections are initially classified as
Unknown until several packets are sent. A policy which blocks those protocols, rather than restricts them, may be more practical.
Note: Encrypted, secure packets may be classified as SSL traffic where another application group does not exist. However, it should be noted that there are some protocols that were not originally encrypted, but may have been upgraded using SSL, so may be classified as such now. Also, there are some protocols which use SSL as part of their protocol specification, in which case, these may classified correctly.
The following knowledge base article contains a detailed description of the currently available application groups — How does Smoothwall Classify Layer 7 Applications?