Sample configuration
This sample configuration limits ingressing bandwidth to 500 Kb/s. It also applies separate traffic shapers to FTP and HTTP traffic. In addition to the interface bandwidth limit, HTTP traffic is subject to a security policy bandwidth limit of 200 Kb/s.
All egressing FTP traffic greater than 10 Kb/s is subject to a low priority queue (queue 3), while all egressing HTTP traffic greater than 100 Kb/s is subject to a medium priority queue (queue 2). That is, unless FTP traffic rates are lower than their guaranteed rate, and web traffic rates are greater than their guaranteed rate, FTP traffic is lower priority than web traffic.
Traffic less than these guaranteed bandwidth rates use the highest priority queue (queue 0).
Set the inbandwidth limits. This setting is only available in the CLI:
config system interface
edit wan1
set inbandwidth 500
next
end
Create the traffic shapers for FTP and HTTP.
To configure the FTP and HTTP shapers - web-based manager
1. Go to Policy and Objects > Objects > Traffic Shaper, and select the Create New “Plus” icon.
2. Enter FTP for the name of the shaper.
3. Set Apply Shaper to Per policy.
4. Set the Traffic Priority to Low.
5. Select the Guaranteed Bandwidth checkbox and enter 10 Kbps.
6. Select the Maximum Bandwidth checkbox and enter 500 Kbps.
7. Select OK.
8. Select the Create New “Plus” icon.
9. Enter HTTP for the name of the shaper.
10. Select the Traffic Priority of Medium.
11. Select the Guaranteed Bandwidth checkbox and enter 100 Kbps.
12. Select the Maximum Bandwidth checkbox and enter 200 Kbps.
13. Select OK.
To configure the FTP and HTTP shapers - CLI
config firewall shaper traffic-shaper
edit FTP
set maximum-bandwidth 500
set guaranteed-bandwidth 10
set per-policy enable
set priority low
next
edit HTTP
set maximum-bandwidth 200
set guaranteed-bandwidth 100
set per-policy enable
set priority medium
end