Main Menu
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • English English English en
  • BLOG
  • CONTACT SALES
  • FREE TRIALS
  • English English English en
SonicWall
  • Products
      All Products A–Z
      Free Trials
    • Network Security
      • Next-Generation Firewall (NGFW)
      • Network Security Services
      • Network Security Management
      • Secure SD-WAN
    • Threat Protection
      • Advanced Threat Protection Cloud
      • Advanced Threat Protection Appliance
      • Capture Labs
    • Secure Access Service Edge (SASE)
      • Zero-Trust Network Access (ZTNA)
    • Cloud Security
      • Cloud Firewall
      • Cloud App Security
    • Endpoint Security
      • Endpoint Detection & Response (EDR)
    • Email Security
      • Cloud Email Security
      • Hosted Email Security
      • On-Prem Email Security
    • Secure Access
      • Wireless Access Points
      • Network Switch
      • Virtual Private Network (VPN)
    • Wi-Fi 6 Access Points

      SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.

      Read More
  • Solutions
    • Industries
      • Distributed Enterprises
      • Retail & Hospitality
      • K-12 Education
      • Higher Education
      • State & Local
      • Federal
      • Healthcare
      • Financial Services
      • Carriers
    • Use Cases
      • Secure SD-Branch
      • Network Segmentation
      • Zero Trust Security
      • Secure SD-WAN
      • Office 365 Security
      • SaaS Security
      • Secure Wi-Fi
    • Solutions Widgets
      • Solutions Content Widgets
        Federal

        Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions

      • Solutions Image Widgets
  • Partners
    • SonicWall Partners
      • Partners Overview
      • Find a Partner
      • Authorized Distributors
      • Technology Partners
    • Partner Resources
      • Become a Partner
      • SonicWall University
      • Training & Certification
    • Partner Widgets
      • Custom HTML : Partners Content WIdgets
        Partner Portal

        Access to deal registration, MDF, sales and marketing tools, training and more

      • Partners Image Widgets
  • Support
    • Support
      • Support Portal
      • Knowledge Base
      • Technical Documentation
      • Community
      • Video Tutorials
      • Product Life Cycle Tables
      • Partner Enabled Services
      • Contact Support
    • Resources
      • Resource Center
      • Events
      • Free Trials
      • Blog
      • SonicWall University
      • MySonicWall
    • Capture Labs
      • Capture Labs
      • Security Center
      • Security News
      • PSIRT
      • Application Catalog
    • Support Widget
      • Custom HTML : Support Content WIdgets
        Support Portal

        Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials

      • Support Image Widgets
  • COMPANY
    • Boundless Cybersecurity
    • Press Releases
    • News
    • Events
    • Awards
    • Leadership
    • Press Kit
    • Careers
  • PROMOTIONS
    • SonicWall Promotions
    • Customer Loyalty Program
  • MANAGED SERVICES
    • Managed Security Services
    • Security as a Service
    • Professional Services
  • Contact Sales
  • Menu

Configuring Bandwidth Management of App Control Signatures using App Rules

11/11/2022 255 People found this article helpful 205,697 Views

    Download
    Print
    Share
    • LinkedIn
    • Twitter
    • Facebook
    • Email
    • Copy URL The link has been copied to clipboard

    Description

    This article illustrates how to configure bandwidth management of App Control signatures using App Rules.

    NOTE: The default BWM Action Objects cannot be used in new App Rules, and are there for backwards compatibility. It is recommended to create BWM Action Objects from scratch to be used in new App Rules.

    Resolution

    Resolution for SonicOS 7.X

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.



    Enable Bandwidth Management on the WAN interface

    1. Navigate to Network | System | Interfaces | Interface Settings page in the GUI.
    2. Click Edit option of the active WAN connection.

      Image


    3. In the Advanced tab, under Bandwidth Management enable the check boxes Enable Interface Egress Bandwidth Limitation & Enable Interface Egress Bandwidth Limitation and specify the Egress & Ingress Bandwidth Values in terms of 'Kbps' respectively.

      Image


    NOTE:  Once BWM has been enabled on an interface, and a link speed defined, traffic traversing that link will be throttled—both inbound and outbound—to the declared values, even if no Access Rules or App Rules are configured with BWM settings.

    TIP: Egress and Ingress BWM can be enabled jointly or separately configured on WAN interfaces. Different bandwidth values may be entered for outbound and inbound bandwidth to support asymmetric links. Link rates up to 100,000 Kbps (100Mbit) may be declared on Fast Ethernet interfaces, while Gigabit Ethernet interfaces will support link rates up to 1,000,000 Kbps (Gigabit). The speed declared should reflect the actual bandwidth available for the link. Oversubscribing the link (i.e. declaring a value greater than the available bandwidth) is not recommended.

    Create a new Bandwidth Object

    1. Navigate to Object | Profile Objects | Bandwidth page.
    2. Click on Add.
    3. Enter the Object Name.
    4. Specify the Guaranteed Bandwidth and Maximum Bandwidth.
    5. In this example, we have specified a 5 Mbps Guaranteed and 5 Mbps Maximum Bandwidth.

      Image

    Set Bandwidth for App Control signatures

    Bandwidth Management using App Firewall infrastructure involves using Action Objects of type Bandwidth Management. There are three predefined Action Objects for bandwidth management:

    Image

    If you do not want to use the predefined Action Objects, Custom Action Objects of type Bandwidth Management can also be created. When creating a custom Bandwidth Management Action Object, the following two methods can be used:

    • Per Policy – When an Action Object configured with this method is used in multiple App Rules, the bandwidth set here will be calculated separately for each App Rule.
    • Per Action – When an Action Object configured with this method is used in multiple App Rules, the bandwidth set here will be shared by all App Rules with this Action Object.

    For the purpose of this article, we will be configuring bandwidth management using Per Policy.

    • Navigate to Objects | Action Objects | App Rule Actions page.
    • Click Add.
    • Enter the following Information.
      • Action Name
      • Select Bandwidth Management under Action.
      • Select Bandwidth Aggregation Method to Per Policy
      • Check the box Enable Inbound Bandwidth Management and choose the desired Bandwidth Object or click  Create a new Bandwidth Object
      • Check the box Enable Outbound Bandwidth Management and choose the desired Bandwidth Object or click  Create a new Bandwidth Object

        Image


    Create Match Objects with App Control Signatures.

    SonicWall provides the same granularity when using Application Firewall infrastructure as in App Control Advanced. Application Control can be configured for a Category (like Social Networking, IM etc), for an Application (like YouTube.com, facebook.com etc.) and for individual Signatures (like video in facebook.com etc). However, each Match Object may contain only one of the above three. For example, you cannot create a Match Object with the Social Networking Category along with the Application, YouTube. In this article we would be using the Category, Multimedia.

    • Navigate to Object | Match Objects | Match Objects page.
    • Click Add.
    • Enter the Object Name.
    • From the drop down of Match Object Type select  Application Category List .
    • Choose the Application Category that you wish for from the drop down.

      Image

    Create App Rules

    • Navigate to Policy | App Rules and click Settings Icon. Check the box under Enable App Rules.
    • Click Accept.

      Image
    • Click  Add Rule.
    • Enter the following information and click OK to save.

      Image

    Testing

    • When accessing a multimedia website like www.YouTube.com, the following messages will be logged under Monitor | Logs | System Logs.

      Image



    Resolution for SonicOS 6.5

    This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.

    Enable Bandwidth Management on the WAN interface

    • Click Manage in the top navigation menu.
    • Navigate to System Setup | Network | Interfaces page in the GUI.
    • Click   Configure option of the active WAN connection. (Here single WAN connection is used).
      Image

    • In the Advanced tab, under Bandwidth Management enable the check boxes Enable Interface Egress Bandwidth Limitation& Enable Interface Egress Bandwidth Limitation and specify the Egress & Ingress Bandwidth Values in terms of 'Kbps' respectively.

       Image

    NOTE: Once BWM has been enabled on an interface, and a link speed defined, traffic traversing that link will be throttled-both inbound and outbound-to the declared values, even if no Access Rules or App Rules are configured with BWM settings.

    TIP: Egress and Ingress BWM can be enabled jointly or separately configured on WAN interfaces. Different bandwidth values may be entered for outbound and inbound bandwidth to support asymmetric links. Link rates up to 100,000 Kbps (100Mbit) may be declared on Fast Ethernet interfaces, while Gigabit Ethernet interfaces will support link rates up to 1,000,000 Kbps (Gigabit). The speed declared should reflect the actual bandwidth available for the link. Oversubscribing the link (i.e. declaring a value greater than the available bandwidth) is not recommended.


    Set Bandwidth for App Control signatures

    Bandwidth Management using App Firewall infrastructure involves using Action Objects of type Bandwidth Management. There are three predefined Action Objects for bandwidth management:

    NameGuaranteedMaximumPriority
    High0.00%100%0 - Highest
    Medium0.00%90%5
    Low0.00%70%7 - Lowest

    If you do not want to use the predefined Action Objects, Custom Action Objects of type Bandwidth Management can also be created. When creating a custom Bandwidth Management Action Object, the following two methods can be used:

    Per Policy – When an Action Object configured with this method is used in multiple App Rules, the bandwidth set here will be calculated separately for each App Rule.
    Per Action – When an Action Object configured with this method is used in multiple App Rules, the bandwidth set here will be shared by all App Rules with this Action Object.

    For the purpose of this article, we will be configuring bandwidth management using Per Policy.

    • Navigate to Policies | Objects | Action Objects page.
    • Click Add
    • Enter the following Information.
      • Action Name:
      • Select Bandwidth Management under Action.
      • Select Bandwidth Aggregation Method to Per Policy
      • Check the box Enable Inbound Bandwidth Management and choose the desired Bandwidth Object or click  Create a new Bandwidth Object
      • Check the box Enable Outbound Bandwidth Management and choose the desired Bandwidth Object or click  Create a new Bandwidth Object
        Image

    Create Match Objects with App Control Signatures.

    SonicWall provides the same granularity when using Application Firewall infrastructure as in App Control Advanced . Application Control can be configured for a Category (like Social Networking, IM etc), for an Application (like YouTube.com, facebook.com etc.) and for individual Signatures (like video in facebook.com etc). However, each Match Object may contain only one of the above three. For example, you cannot create a Match Object with the Social Networking Category along with the Application, YouTube. In this article we would be using the Category, Multimedia.

    • Navigate to Polices | Objects | Match Objects page.
    • Click   Add New Match Object button.
    • Select the option  Match Object  from the drop down of  Add as shown in the GUI.

      Image

    • In the new window that has opened, enter the following options.
      • Enter the Object Name.
      • From the drop down of Match Object Type select  Application Category List .
      • Choose the Application Categories  that you wish for from the drop down.
        Image

    Create App Rules

    • Navigate to Policies | Application Control and click  Gear Icon. Check the box under Enable App Rules .
      Image

    • Click  Add New Policy.
    • Enter the following information and click OK to save.
      Image

    Testing

    • When accessing a multimedia website like www.YouTube.com, the following messages will be logged under Log | View.Image



    Resolution for SonicOS 6.2 and Below

    The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer we suggest to upgrade to the latest general release of SonicOS 6.5 firmware.

    Enable Bandwidth Management on the WAN interface

    • Login to the SonicWall management GUI.
    • Navigate to Network | Interfaces page.
    • Click  Configure button under an interface in the WAN zone. In this example the X1 interface.
    • Click Advanced tab and do one or both of the following:
      • Under Bandwidth Management, to manage outbound bandwidth, select the Enable Egress Bandwidth Management checkbox, and optionally set the Available Interface Egress Bandwidth (Kbps) field to the maximum for the interface.
      • Under Bandwidth Management, to manage inbound bandwidth, select the Enable Ingress Bandwidth Management checkbox and optionally set the Available Interface Ingress Bandwidth (Kbps) field to the maximum for the interface.
    • Click  OK .
      Image

    NOTE: Once BMW has been enabled on an interface, and a link speed defined, traffic traversing that link will be throttled-both inbound and outbound-to the declared values, even if no Access Rules or App Rules are configured with BWM settings.

    TIP: Egress and Ingress BWM can be enabled jointly or separately configured on WAN interfaces. Different bandwidth values may be entered for outbound and inbound bandwidth to support asymmetric links. Link rates up to 100,000 Kbps (100Mbit) may be declared on Fast Ethernet interfaces, while Gigabit Ethernet interfaces will support link rates up to 1,000,000 Kbps (Gigabit). The speed declared should reflect the actual bandwidth available for the link. Oversubscribing the link (i.e. declaring a value greater than the available bandwidth) is not recommended.

    Set Bandwidth for App Control signatures

    Bandwidth Management using App Firewall infrastructure involves using Action Objects of type Bandwidth Management. There are three predefined Action Objects for bandwidth management:

    NameGuaranteedMaximumPriority
    High0.00%100%0 - Highest
    Medium0.00%90%5
    Low0.00%70%7 - Lowest

    If you do not want to use the predefined Action Objects, Custom Action Objects of type Bandwidth Management can also be created. When creating a custom Bandwidth Management Action Object, the following two methods can be used:

    Per Policy – When an Action Object configured with this method is used in multiple App Rules, the bandwidth set here will be calculated separately for each App Rule.
    Per Action – When an Action Object configured with this method is used in multiple App Rules, the bandwidth set here will be shared by all App Rules with this Action Object.

    For the purpose of this article, we will be configuring bandwidth management using Per Policy.

    • Navigate to Firewall | Action Objects page.
    • Click Add New Action Object and enter the following in the Add/Edit Action Object window.
      Image

    Create Match Objects with App Control Signatures

    SonicWall provides the same granularity when using Application Firewall infrastructure as in App Control Advanced . Application Control can be configured for a Category (like Social Networking, IM etc), for an Application (like YouTube.com, facebook.com etc.) and for individual Signatures (like video in facebook.com etc). However, each Match Object may contain only one of the above three. For example, you cannot create a Match Object with the Social Networking Category along with the Application, YouTube. In this article we would be using the Category, Multimedia.

    • Navigate to Firewall | Match Objects page.
    • Click Add New Match Object button.
    • Configure the following in the Add/Edit Match Object window and click OK.
      Image


    Create App Rules

    • Navigate to Firewall | App Rules page.
    • Check the box under Enable App Rules.
    • Click Add New Policy to bring up the Edit App Control Policy and configure the following.
      Image

    Testing

    • When accessing a multimedia website like www.YouTube.com, the following messages will be logged under Log | View:Image



    Checking Bandwidth under App Flow Monitor

    • If licensed for App Flow, bandwidth usage can be checked under Dashboard | App Flow Monitor.Image

    Related Articles

    • Bandwidth usage and tracking in SonicWall
    • How to force an update of the Security Services Signatures from the Firewall GUI
    • Configure Guest VLAN in the TZ firewall, for guest users to access Internet only.

    Categories

    • Firewalls > NSa Series > Application Firewall
    • Firewalls > NSv Series > Application Firewall
    • Firewalls > TZ Series > Application Firewall
    • Firewalls > NSa Series > Networking
    • Firewalls > TZ Series > Networking

    Not Finding Your Answers?

    ASK THE COMMUNITY

    Was This Article Helpful?

    YESNO

    Article Helpful Form

    Article Not Helpful Form

    Company
    • Careers
    • News
    • Leadership
    • Awards
    • Press Kit
    • Contact Us
    Popular resources
    • Communities
    • Blog
    • SonicWall Capture Labs

    Stay In Touch

    • By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. You can unsubscribe at any time from the Preference Center.
    • This field is for validation purposes and should be left unchanged.
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
    • Instagram

    © 2023 SonicWall. All Rights Reserved.

    • Legal
    • Privacy
    • English
    Scroll to top