- CheckMates
- :
- Products
- :
- General Topics
- :
- Re: Application Control limits - what mechanism do...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Application Control limits - what mechanism does this use?
Can anyone clarify the mechanism used by the Application Control (bandwidth) limits? Is this simple policing (just discard the next packet over the threshold), or does it use some QoS approach like fair queuing or similar? It would be nice if it were more than simple policing (without having to enable QoS).
If this could be clarified in the docs that would be great.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Not using QoS - as you can read in Next Generation Security Gateway Guide R80.30 p.120,
Limiting Application Traffic
Scenario: I want to limit my employees' access to streaming media so that it does not impede business tasks.
If you do not want to block an application or category, there are different ways to set limits for employee access:
• Add a Limit object to a rule to limit the bandwidth that is permitted for the rule.
• Add one or more Time objects to a rule to make it active only during specified times.
The example rule below:
• Allows access to streaming media during non-peak business hours only.
• Limits the upload throughput for streaming media in the company to 1 Gbps.
---
So traffic bandwidth is limited and speed will be slower - not so unlike QoS...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pretty sure it is just simple policing, see this thread for more details about how to gain insight into how APCL limits are enforced:
Note that enforcement of APCL limits for existing connections will not survive a cluster failover.
now available at maxpowerfirewalls.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How about using the Time Limit object to almost block uploads or downloads to a full pre-defined application category (File Sharing lets say) by permitting Full speed on DOWN and trickle speed on Uploads or vice versa?