Create a Post
Showing results for 
Search instead for 
Did you mean: 

Application Control limits - what mechanism does this use?

Can anyone clarify the mechanism used by the Application Control (bandwidth) limits? Is this simple policing (just discard the next packet over the threshold), or does it use some QoS approach like fair queuing or similar? It would be nice if it were more than simple policing (without having to enable QoS).

If this could be clarified in the docs that would be great.

0 Kudos
3 Replies

Not using QoS - as you can read in Next Generation Security Gateway Guide R80.30 p.120, 

Limiting Application Traffic 

Scenario: I want to limit my employees' access to streaming media so that it does not impede business tasks. 

If you do not want to block an application or category, there are different ways to set limits for employee access: 

• Add a Limit object to a rule to limit the bandwidth that is permitted for the rule. 

• Add one or more Time objects to a rule to make it active only during specified times. 

The example rule below: 

• Allows access to streaming media during non-peak business hours only. 

• Limits the upload throughput for streaming media in the company to 1 Gbps. 


So traffic bandwidth is limited and speed will be slower - not so unlike QoS...

0 Kudos
Champion Champion

Pretty sure it is just simple policing, see this thread for more details about how to gain insight into how APCL limits are enforced:

Note that enforcement of APCL limits for existing connections will not survive a cluster failover.


Gateway Performance Optimization R81.20 Course
now available at
0 Kudos

How about using the Time Limit object to almost block uploads or downloads to a full pre-defined application category (File Sharing lets say) by permitting Full speed on DOWN and trickle speed on Uploads or vice versa?

0 Kudos


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events