Configure bandwidth throttling
It is possible to limit the bandwidth that a sensor's management port has at its disposal (so for access and updates) by specifying the maximum amount of allowed traffic.
Limit traffic shaping bandwidth
Product | Guardian |
Syntax | conf.user configure system traffic_shaping bandwidth <max_bandwidth> |
Description | Set the maximum outbound bandwidth that the sensor's management interface can use. Inbound data is still unlimited. By default this works on all the outbound traffic and you can exclude some IPs. Instead if you use 'system traffic_shaping include ' it will limit only the outbound traffic of the inclusions and everything else will be unlimited. |
Parameters | max_bandwidth : the bandwidth limit. The following units are supported: b, Kb, Mb, Gb.
When no unit is specified, b is intended by default (i.e. bits per second).
When setting a limit in decimal notation make sure you add the all the leading zeros,
and the unit (e.g., write 0.015Mb, not .015Mb). (default: no limitation). |
Where | CLI |
To apply | Update rules with n2os-firewall-update . On a fresh installation a reboot is necessary.
|
conf.user configure system traffic_shaping bandwidth 2Mb
Note that this
command affects only the sensor on which it is executed, its effects are not propagated to
other sensors. It is possible to exclude from the limitation of the bandwidth specific hostnames or IPs.
Exclude IP from traffic shaping
Product | Guardian |
Syntax | conf.user configure system traffic_shaping exclude <ip> |
Description | Set the IP to exclude from the limitation. This command and 'system traffic_shaping include' are mutually exclusive. |
Parameters | ip : the IP to exclude.
It can be a single IP, a class of IPS or an hostname (e.g. 192.168.12.34 or 192.168.0.0/16 or vantage.nozominetworks.io ). |
Where | CLI |
To apply | Update rules with n2os-firewall-update . On a fresh installation a reboot is necessary.
|
conf.user configure system traffic_shaping exclude 192.168.12.34
Note that this command affects only the sensor on which it is
executed, its effects are not propagated to other sensors.
Or to include in the limitation of the bandwidth only specific hostnames or IPs.
Include IP to traffic shaping
Product | Guardian |
Syntax | conf.user configure system traffic_shaping include <ip> |
Description | Set the IP to include in the limitation. This command and 'system traffic_shaping exclude' are mutually exclusive. |
Parameters | ip : the IP to include.
It can be a single IP, a class of IPS or an hostname (e.g. 192.168.12.34 or 192.168.0.0/16 or vantage.nozominetworks.io ). |
Where | CLI |
To apply | Update rules with |
conf.user configure system traffic_shaping include 192.168.12.34
Note
that this command affects only the sensor on which it is executed, its effects are not
propagated to other sensors. Inclusions and exclusions are mutually exclusive and you cannot use both simultaneously.