This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ovidiu_catrina
Contributor
‎2018-02-15 03:41 AM

Bandwidth limit per app /category

hello

i have a cluster of 2 firewalls, they have enabled only the application blade, without the URL blade.

i want to limit the bandwidth for the category media streams and media sharing in the following way.

the thing is that is applied and installed but I have no idea on how to check if this is actually working.

i tried to look at the applications and sites but i dont see anything related to traffic being rate limited.

on the logs i do see that the traffic matches the rule created on the application layer but as i said, i have no idea on how to check if the limit is applied or not.

can someone guide me ?

Regards 

0 Kudos
13 Replies
Marco_Valenti
Advisor
‎2018-02-15 04:24 AM

That is a nice question

One way can be , if you have monitor blade enable  from top source view  compare the bandwith in use by single host

But someone can be more helpful than me on this

0 Kudos
ovidiu_catrina
Contributor
‎2018-02-15 05:41 AM

i am looking more to an answer similar to this Smiley Happy

How to monitor bandwidth limit for application control 

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2018-02-15 01:42 PM
In response to ovidiu_catrina

Please see my recent post in this thread, your monitoring options are somewhat "limited":

How to monitor bandwidth limit for application control 

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Marco_Valenti
Advisor
‎2018-02-15 11:55 PM
In response to ovidiu_catrina

you ask for monitoring bandwith and not for dropped packet  Smiley Happy ofc Tim reply was more in deep no doubt about that

0 Kudos
Pablo_Barriga
Advisor
‎2018-02-15 02:22 PM

Hello can you edit the profile in the smartlog to check for further information about traffic.

ovidiu_catrina
Contributor
‎2018-02-16 12:33 AM

thanks for the feedback all, unfortunately this is not working for me.

i am not able to see any discarded packet on the smartview or smartlog.

also monitoring this through CLI as Tim Hall‌  fw ctl zdebug +drop | grep APPI_LIMIT i am not able to find a thing either.

so here it goes my question, is this really working? can media stream traffic be throttled ?

Regards 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-02-16 09:20 AM

This is more of a General Product Topics‌ question.

You won't necessarily see drops in SmartLog when traffic is limited.

From the notes I've seen internally, this is what you should be looking at to validate that limiting is happening (granted, this is from R75.40:

fw ctl zdebug -m APPI all > dbg.txt

In dbg.txt, look for: fw_appi_limit_set_matched_data: Set new rule_id: (rule_num)

This will tell you that traffic is being matched to a rule with limit.

Note this debug can be overwhelming on gateways with a lot of traffic, so I would only run it fairly briefly. 

ovidiu_catrina
Contributor
‎2018-02-19 02:13 AM

just a follow up, i managed to get logs on the zdebug.

now my question is , is there a way to  to have this in a nice report in the smartevent with the views/reports?

Regards 

0 Kudos
PhoneBoy
Admin
Admin
‎2018-02-19 12:04 PM
In response to ovidiu_catrina

What are you trying to get into the reports, exactly, that bandwidth was actually limited?

Since this isn't logged in the logs (to the best of my knowledge), I assume you can't run a report on it.

0 Kudos
ovidiu_catrina
Contributor
‎2018-02-22 02:24 AM
In response to PhoneBoy

i was hope to get something like this :img

0 Kudos
PhoneBoy
Admin
Admin
‎2018-02-22 09:22 AM
In response to ovidiu_catrina

As I said, it's not something we currently log, therefore not something we can report on.

It's something we can look at adding in a later release. 

0 Kudos
ovidiu_catrina
Contributor
‎2018-02-23 01:37 AM
In response to PhoneBoy

thanks!

0 Kudos
Hugo_vd_Kooij
MVP Gold
MVP Gold
‎2018-02-21 02:53 AM

To the best of my knowledge the fact that you use Accounting on the rule means you will have log entries that also contain information about the amount of triffic.

However this may no tell you anything about the bandwidth usage.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events