Configure bandwidth throttling

It is possible to limit the bandwidth that a sensor's management port has at its disposal (so for access and updates) by specifying the maximum amount of allowed traffic.

Limit traffic shaping bandwidth


Product	Guardian
Syntax	`conf.user configure system traffic_shaping bandwidth <max_bandwidth>`
Description	Set the maximum outbound bandwidth that the sensor's management interface can use. Inbound data is still unlimited. By default this works on all the outbound traffic and you can exclude some IPs. Instead if you use 'system traffic_shaping include ' it will limit only the outbound traffic of the inclusions and everything else will be unlimited.
Parameters	`max_bandwidth`: the bandwidth limit. The following units are supported: b, Kb, Mb, Gb. When no unit is specified, b is intended by default (i.e. bits per second). When setting a limit in decimal notation make sure you add the all the leading zeros, and the unit (e.g., write 0.015Mb, not .015Mb). (default: no limitation).
Where	CLI
To apply	Update rules with `n2os-firewall-update`. On a fresh installation a reboot is necessary.

For example, we can set a limit of two megabits with the following configuration command:

conf.user configure system traffic_shaping bandwidth 2Mb

Note that this command affects only the sensor on which it is executed, its effects are not propagated to other sensors.

It is possible to exclude from the limitation of the bandwidth specific hostnames or IPs.

Exclude IP from traffic shaping


Product	Guardian
Syntax	`conf.user configure system traffic_shaping exclude <ip>`
Description	Set the IP to exclude from the limitation. This command and 'system traffic_shaping include' are mutually exclusive.
Parameters	`ip`: the IP to exclude. It can be a single IP, a class of IPS or an hostname (e.g. 192.168.12.34 or 192.168.0.0/16 or `vantage.nozominetworks.io`).
Where	CLI
To apply	Update rules with `n2os-firewall-update`. On a fresh installation a reboot is necessary.

For example, we can exclude an IP with the following configuration command:

conf.user configure system traffic_shaping exclude 192.168.12.34

Note that this command affects only the sensor on which it is executed, its effects are not propagated to other sensors.

Or to include in the limitation of the bandwidth only specific hostnames or IPs.

Include IP to traffic shaping


Product	Guardian
Syntax	`conf.user configure system traffic_shaping include <ip>`
Description	Set the IP to include in the limitation. This command and 'system traffic_shaping exclude' are mutually exclusive.
Parameters	`ip`: the IP to include. It can be a single IP, a class of IPS or an hostname (e.g. 192.168.12.34 or 192.168.0.0/16 or `vantage.nozominetworks.io`).
Where	CLI
To apply	Update rules with `n2os-firewall-update`. On a fresh installation a reboot is necessary.

For example, we can include an IP with the following configuration command:

conf.user configure system traffic_shaping include 192.168.12.34

Note that this command affects only the sensor on which it is executed, its effects are not propagated to other sensors.

Inclusions and exclusions are mutually exclusive and you cannot use both simultaneously.