Limit the bandwidth of a single interface

Hi All,

and thanks in advance for any replies. We are looking at limiting a single interface; we have a part of a network that we want on 150 or 200 Mbps, and it's connected to one of the gateways through a single interface. 

We are not currently using QoS, so I am looking for an easy way to implement that. There are some QoS guides out there that describe policing, but as part of a full setup. Can anyone please point me towards something more condensed? 

Cheers, Tim 

9 Replies
Champion

I think you can use fw samp to do what you want, see:

sk112454: How to configure Rate Limiting rules for DoS Mitigation

Using this command you can set bandwidth/connection quotas that are efficiently enforced by SecureXL; this mechanism is vastly preferred to the Network Quota IPS signature which kills practically all SecureXL acceleration on the gateway.  Unfortunately you cannot directly specify a certain interface for enforcement in the matching criteria, but hopefully you could do the same thing with carefully selected source and/or destination networks in your fw samp statement.

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
Contributor

Thanks Jade,

will play with this in our test environment and share my experience here. Might be some time though, I'm off for a week and busy with other projects, I will update as soon as possible. 

Cheers. 

Advisor

Hi Tim

I am currently going through the same need.

Did you perhaps manage to get a solution for this requirement?

Thanks in advance

Leader

Hi,

Why not use the QoS blade?

You can limit all or only one connection or networks or services or a mix of all.

Wolfgang

Champion

The QoS blade is now a possibility to do this as long as R80.20+ is in use on the gateway.  In R80.10 and earlier switching on QoS would cause practically all traffic to hit the QXL path, and cause a lot of overhead in the firewall along with some other odd problems.  Definitely not recommended to use QoS on R80.10 and earlier in most cases.

Advisor

Hi Tim,

Perhaps I should give more details as to why we need to do this.

We have an IPsec connection with our partners that are currently configured on routers, and according to the agreement, the link must support up to 20MB.

Since we wish to migrate the IPSec tunnel to Check Point, we want to make sure that we can limit this connection to 20MB.

I saw a clish command "set interface ethX link-speed YY". Could this help?

We are using R80.20 gateways and Management Server.
Thanks
Leader

Sounds like QoS blade is your solution 🙂

Simple, take a look at the configuration in SmartConsole, it is an extra blade configuration.

Wolfgang

Advisor

Hi Wolfgang

Thanks. I will read up about that.

Leader

That's the absolute truth Timothy.

But I think now it's time for newer releases like R80.20 or R80.30 😉

We use QoS with R80.30 and it works fine too with the acceleration features.

Wolfgang