How do I throttle Internet for virtual interface with Bandwidth Management and Access Rule?
10/14/2021 33 People found this article helpful 406,890 Views
Description
Throttling the Internet bandwidth for a VLAN involves the following steps:
- Creating the Bandwidth Object
- Creating the Firewall Access Rule
NOTE: The Virtual interface needs to be in a different zone than other interfaces.
The following scenario covers how to throttle the Internet bandwidth for a VLAN subnet (192.168.20.0/24) located on a specific zone using Bandwidth Management and Access Rules. Once the configuration is complete, the maximum Internet bandwidth for that subnet will be throttled to 0.5 Mbps.
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
First of all, verify that the virtual interface is assigned to a different zone than the other interfaces. If not, a new zone needs to be created and the interface needs to be assigned to that specific zone.
Creating the Bandwidth Object
- Enable Advanced Bandwidth Management by navigating to Manage | Firewall Settings | Bandwidth Management | Advanced.
- Create a new Bandwidth Object by navigating to Manage | Objects | Bandwidth Objects | Add.
Creating the Firewall Access Rule.
- Navigate to Manage | Rules | Access Rules, click Matrix button and click on the intersection between the zone where the virtual interface is assigned and the WAN zone. In this case, will be FROM New zone to WAN.
- Edit the rule that allows the traffic from that zone to the WAN by click on the edit button located on the right-hand side.
- Go to the BWM tab, select the options Enable Egress Bandwidth Management ('Allow' rules only) and Enable Ingress Bandwidth Management ('Allow' rules only) and select the Bandwidth Object you created earlier.
- This will throttle the ingress and egress bandwidth for the Internet traffic on that specific VLAN.
Resolution for SonicOS 6.2 and Below
The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.
First of all, verify that the virtual interface is assigned to a different zone than the other interfaces. If not, a new zone needs to be created and the interface needs to be assigned to that specific zone.
Creating the Bandwidth Object
- Enable Advanced Bandwidth Management by navigating to Firewall Settings | BWM | Advanced.
- Create a new Bandwidth Object by navigating to Firewall | Bandwidth Objects | Add.
Creating the Firewall Access Rule.
- Navigate to Firewall | Access Rules ,click Matrix radio button and click on the intersection between the zone where the virtual interface is assigned and the WAN zone. In this case, will be FROM New zone | TO WAN.
- Edit the rule that allows the traffic from that zone to the WAN by click on the edit button located on the right-hand side.
- Go to the BWM tab, select the options Enable Egress Bandwidth Management ('Allow' rules only) and Enable Ingress Bandwidth Management ('Allow' rules only) and select the Bandwidth Object you created earlier.
- This will throttle the ingress and egress bandwidth for the Internet traffic on that specific VLAN.
Related Articles
Categories
Was This Article Helpful?
YESNO