Configure bandwidth throttling

It is possible to limit the bandwidth that a sensor's management port has at its disposal (so for access and updates) by specifying the maximum amount of allowed traffic.

Limit traffic shaping bandwidth

Product Guardian
Syntax conf.user configure system traffic_shaping bandwidth <max_bandwidth>
Description

Set the maximum outbound bandwidth that the sensor's management interface can use. Inbound data is still unlimited. By default this works on all the outbound traffic and you can exclude some IPs. Instead if you use 'system traffic_shaping include ' it will limit only the outbound traffic of the inclusions and everything else will be unlimited.

Parameters max_bandwidth: the bandwidth limit. The following units are supported: b, Kb, Mb, Gb. When no unit is specified, b is intended by default (i.e. bits per second). When setting a limit in decimal notation make sure you add the all the leading zeros, and the unit (e.g., write 0.015Mb, not .015Mb). (default: no limitation).
Where CLI
To apply Update rules with n2os-firewall-update. On a fresh installation a reboot is necessary.
For example, we can set a limit of two megabits with the following configuration command:
conf.user configure system traffic_shaping bandwidth 2Mb
Note that this command affects only the sensor on which it is executed, its effects are not propagated to other sensors.

It is possible to exclude from the limitation of the bandwidth specific hostnames or IPs.

Exclude IP from traffic shaping

Product Guardian
Syntax conf.user configure system traffic_shaping exclude <ip>
Description Set the IP to exclude from the limitation. This command and 'system traffic_shaping include' are mutually exclusive.
Parameters ip: the IP to exclude. It can be a single IP, a class of IPS or an hostname (e.g. 192.168.12.34 or 192.168.0.0/16 or vantage.nozominetworks.io).
Where CLI
To apply Update rules with n2os-firewall-update. On a fresh installation a reboot is necessary.
For example, we can exclude an IP with the following configuration command:
conf.user configure system traffic_shaping exclude 192.168.12.34
Note that this command affects only the sensor on which it is executed, its effects are not propagated to other sensors.

Or to include in the limitation of the bandwidth only specific hostnames or IPs.

Include IP to traffic shaping

Product Guardian
Syntax conf.user configure system traffic_shaping include <ip>
Description Set the IP to include in the limitation. This command and 'system traffic_shaping exclude' are mutually exclusive.
Parameters ip: the IP to include. It can be a single IP, a class of IPS or an hostname (e.g. 192.168.12.34 or 192.168.0.0/16 or vantage.nozominetworks.io).
Where CLI
To apply

Update rules with n2os-firewall-update. On a fresh installation a reboot is necessary.

For example, we can include an IP with the following configuration command:
conf.user configure system traffic_shaping include 192.168.12.34
Note that this command affects only the sensor on which it is executed, its effects are not propagated to other sensors.

Inclusions and exclusions are mutually exclusive and you cannot use both simultaneously.