This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
velo
Collaborator
Monday
Jump to solution

Checkpoint SMB Traffic shaping/QOS

I have SMB gateways (Centrally managed) I want to restrict traffic to certain high traffic domains (e.g. Microsoft) so that it doesn't saturate the internet connection. On other vendors I have done this with traffic shaping, and given certain URLs and domains very low priority. 

Is it possible to achieve something similar on the SMB appliance? I found this article about QOS on SMB and in the limitations it says:

  • QoS rules configured with domain names are not enforced.  

From that, it looks like I can't do what I need? Is there another way to achieve this?

https://support.checkpoint.com/results/sk/sk32176

Thanks

 

0 Kudos
1 Solution

Accepted Solutions
Gaurav_Pandya
Advisor
Monday
Jump to solution

Hi,

Please check if below procedure helps in achieving your goal.

Try to use access control policy for domain based restriction. 

traditional QoS blades are often used for interface-level shaping. Application/domain-based limiting is best handled through the Application Control policy within the Access Control Policy.

Go to Security Policies > Access Control > Policy.
Create a new rule or edit an existing one.
In the Application/Sites column, add a new Application/Site object.
You can create a custom application group or search for specific URL categories (e.g., streaming sites, social media). To define specific domain names, select Custom Application/Site and enter the domain pattern (e.g., *.example.com).
Configure Traffic Shaping (Limitation)
In the Action column of your rule, select an action that allows traffic (e.g., Accept).
Right-click the Action and select Limit.
Define the maximum bandwidth (e.g., 500 Kbps) allowed for the matching domain/application.
Install the Policy

View solution in original post

2 Replies
Gaurav_Pandya
Advisor
Monday
Jump to solution

Hi,

Please check if below procedure helps in achieving your goal.

Try to use access control policy for domain based restriction. 

traditional QoS blades are often used for interface-level shaping. Application/domain-based limiting is best handled through the Application Control policy within the Access Control Policy.

Go to Security Policies > Access Control > Policy.
Create a new rule or edit an existing one.
In the Application/Sites column, add a new Application/Site object.
You can create a custom application group or search for specific URL categories (e.g., streaming sites, social media). To define specific domain names, select Custom Application/Site and enter the domain pattern (e.g., *.example.com).
Configure Traffic Shaping (Limitation)
In the Action column of your rule, select an action that allows traffic (e.g., Accept).
Right-click the Action and select Limit.
Define the maximum bandwidth (e.g., 500 Kbps) allowed for the matching domain/application.
Install the Policy

velo
Collaborator
Monday
In response to Gaurav_Pandya
Jump to solution

This is great, thank you

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events