Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Ob1lan
Collaborator

Application rule with bandwidth limiting not applied

Hi,

So we've got issue with our Application rules, more specifically the bandwidth limiting feature. The later seems not to be applied on the traffic.

For instance we have this rule that should limit Apple Software Updates for some users within our organization :

Apple.PNG

 

Whoever, even though we see the traffic matches the rule (seen in logs), the BW limit doesn't work : a single user/IP can download like 15Gb of data in 15 minutes. We were able to notice that that's to our network monitoring solution.

We've tried to debug this using fw ctl zdebug +drop | grep APPI_LIMIT and fw ctl zdebug -m APPI all > dbg.txt, as discussed here, but nothing shows up. 

Are we missing something ? How can we make sure the limit applies here ?

 

Another case, still related to application rules, is for Youtube traffic that is not recognized as such. The rule we have : 

Youtube-FRA.PNG

 

And a log that shows traffic to Youtube (monitoring shows also about 15Gb BW usage in 15 minutes), but not recognized, even though the Application & URL Filtering updates are done correctly :

LogDetail.PNG

 

For this one, how can we make sure the traffic is recognized as it should ?

Thanks in advance for your help, these issues with BW limiting are impacting one of our offices.

Regards,

Antoine

1 Reply
PhoneBoy
Admin
Admin

What precise version/JHF level?
Note that unless you are running R80.40, you will probably need HTTPS Inspection enabled to properly differentiate YouTube from Google due to usage of SNI.
For the bandwidth limit not working, a TAC case is probably in order.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events