This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Kosin_Usuwanthi
Collaborator
‎2017-09-19 08:04 PM

How to monitor bandwidth limit for application control

Hi

Anyone can advice. How to monitor bandwidth limit for application control ?

MGMT R80.10

GW R77.30

Bandwidth limit

Reply
11 Replies
Danny
Champion
Champion
‎2017-09-20 05:56 AM

SmartEvent Views is what you are looking for.

Reply
Kosin_Usuwanthi
Collaborator
‎2017-09-20 11:59 PM

Hi Danny

Thank you for your advice but I would like to see real time utilize or exceed drop for limit policy  when user complain about slow access.

0 Kudos
Reply
Kosin_Usuwanthi
Collaborator
‎2017-09-21 12:26 AM

Note - The Security Gateway implements the Limit action by dropping successive packets which exceed the allowed bandwidth.

How to monitor exceed drop ? I have no see this log from SmartConsole.

Reply
Danny
Champion
Champion
‎2017-09-21 01:23 AM
In response to Kosin_Usuwanthi

Then you want to use SmartLog like this:

Reply
Ed_Eades
Contributor
‎2018-11-13 03:15 PM
In response to Danny

I do not get any results when using the filter, "bandwidth AND appi_name:YouTube".  However I do get results if use the filter, "bandwidth" by itself or "appi_name:YouTube" by itself.

I am very interested in getting the results like the screen shot from Kosin.

Reply
Hugo_vd_Kooij
Advisor
‎2017-09-21 05:39 AM
In response to Kosin_Usuwanthi

Bandwidth management by dropping packets is a bad strategy. You can get much better results by changing (reducing) window sizes in responses and holding back acknowledgement packets.

Nothing gets dropped but you let the TCP protocol do the bandwidth limiting.

Not somethink I invented. Companies like PacketShaper (bought by Blue Coat, bought in turn by Symantec) did create great appliances with features like this.

Reply
Kosin_Usuwanthi
Collaborator
‎2017-09-24 08:37 PM

Thank you Danny. Now I can see drop log from smartview for bandwidth limit policy.

Reply
ovidiu_catrina
Contributor
‎2018-02-15 03:23 AM
In response to Kosin_Usuwanthi

hi

i have the same question as you.

Could you please guide me on how to get those statistics as you did?

thanks

0 Kudos
Reply
Timothy_Hall
Champion
Champion
‎2018-02-15 01:40 PM

When researching my book I dug into the APCL Limit feature, trying to find a way to disable APCL limits "on the fly" for testing purposes or to monitor real-time statistics for packets dropped due to a Limit.  The goal was to ensure an enforced Limit was not the cause of poor performance.  Other than the statistics that are included in the traffic logs as demonstrated by Danny Jung‌ above, there isn't a direct way to do that.  I also discovered that APCL/URLF cannot be disabled "on the fly" like Threat Prevention can with fw amw unload.

However fw ctl zdebug drop will show real-time packet drops due to an APCL limit with the message: PSL Drop: APPI_LIMIT

Also watch out for this issue when limits are applied to traffic subject to HTTPS Inspection:

sk70600: Connectivity issues when configuring Application Control limit and enabling HTTPS Inspectio...

--
Second Edition of my "Max Power" Firewall Book
Now Available at http://www.maxpowerfirewalls.com

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
Reply
phlrnnr
Advisor
‎2020-04-01 09:01 AM
In response to Timothy_Hall

@Timothy_Hall doesn't sk70600 only apply to R75.40?  Or does it apply to the R80 trains as well?

0 Kudos
Reply
Timothy_Hall
Champion
Champion
‎2020-04-01 09:11 AM
In response to phlrnnr

The cpas_tcp_do_sack variable still exists in the R80.40 kernel and its default value is 1.  If I'm reading the SK correctly you only need to flip this variable if the two hosts are using very large TCP windows and packet loss is present.  There were a ton of changes to CPAS (R80.20) and TLS Inspection (R80.30) so this variable may not even be relevant anymore.

Gaia 3.10 Immersion Self-paced Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Reply