Sample configuration
This sample configuration limits ingressing bandwidth to 500 Kb/s. It also applies separate traffic shapers to FTP and HTTP traffic. In addition to the interface bandwidth limit, HTTP traffic is subject to a security policy bandwidth limit of 200 Kb/s.
All egressing FTP traffic greater than 10 Kb/s is subject to a low priority queue (queue 3), while all egressing HTTP traffic greater than 100 Kb/s is subject to a medium priority queue (queue 2). That is, unless FTP traffic rates are lower than their guaranteed rate, and web traffic rates are greater than their guaranteed rate, FTP traffic is lower priority than web traffic.
Traffic less than these guaranteed bandwidth rates use the highest priority queue (queue 0).
Set the inbandwidth limits. This setting is only available in the CLI:
config system interface
edit wan1
set inbandwidth 500
next
end
Create the traffic shapers or FTP and HTTP.
To configure the shapers - web-based manager
1. Go to Firewall Objects > Traffic Shaper > Shared, and select Create New.
2. Enter FTP for the name of the shaper.
3. Enter the Guaranteed Bandwidth, of 10 Kbps.
4. Enter a Maximum Bandwidth of 500 Kbps.
5. Select the Traffic Priority of Low.
6. Select OK.
7. Select Create New.
8. Enter HTTP for the name of the shaper.
9. Enter the Guaranteed Bandwidth, of 100 Kbps.
10. Enter a Maximum Bandwidth of 200 Kbps.
11. Select the Traffic Priority of Medium.
12. Select OK.
To configure the shapers - CLI
config firewall shaper traffic-shaper
edit FTP
set maximum-bandwidth 500
set guaranteed-bandwidth 10
set per-policy enable
set priority low
end
next
edit HTTP
set maximum-bandwidth 200
set guaranteed-bandwidth 100
set per-policy enable
set priority medium
end