Traffic Management and QoS Examples

To set different limits for upload and download bandwidth, you can use two different Traffic Management Actions in the same policy. For example, to limit HTTP traffic for all users to 2 Mbps maximum download bandwidth and 1 Mbps maximum upload bandwidth:

1. Add a Per Policy Traffic Management Action with Maximum 1 Mbps.
2. Add a Per Policy Traffic Management Action with Maximum 2 Mbps.
3. Configure an HTTP policy for traffic From: Trusted, To: Any-External.
4. In the HTTP policy:
   • Set the Forward Action to the action with the 1 Mbps maximum to limit uploads
   • Set the Reverse Action to the action with the 2 Mbps maximum to limit downloads

To guarantee bandwidth for a specific user, you can use a Per Policy Traffic Management Action in a policy for traffic from that user. For example, to guarantee 10 Mbps throughput for HTTP traffic for the user bsmith:

1. Add a Per Policy Traffic Management Action with 10 Mbps Guaranteed bandwidth
2. Create an HTTP policy for traffic From: bsmith, To: Any-External.
3. Use the Traffic Management Action as both the Forward Action and Reverse Action in the HTTP policy.

You can use a Per IP Address Traffic Management Action in a policy to control the amount of bandwidth used by each client IP address, for traffic handled by that policy. For example, to set a guaranteed bandwidth of 500 Kbps and a maximum bandwidth of 2048 Kbps for User1, User2, and User3:

1. Add a Per IP Address Traffic Management Action with the Maximum bandwidth set to 2048 Kbps, and the Guaranteed bandwidth set to 500 Kbps.
2. Create a policy for traffic From: User1, User2, and User3, To: Any-External.
3. Configure the policy to use the Traffic Management Action as both the Forward and Reverse action.

To guarantee or limit bandwidth used by specific applications, you can configure Application Control to use a Traffic Management Action, and then configure policies to use Application Control. For example, to limit the amount of bandwidth used for streaming media applications over HTTP:

1. Add a Traffic Management Action that limits bandwidth.
2. In Application Control, configure the Streaming Media application category to use the Traffic Management Action.
3. Configure the HTTP policy to use the Application Control Action.

To enforce different bandwidth limits for specific applications, you can use different Traffic Management Actions in policies and in Application Control Actions for the same policy. For example, to limit HTTP bandwidth for a group to 2 Mbps per user in the group, and also limit the bandwidth used by streaming game applications to 100 Kbps per user:

1. Add a Per IP Address Traffic Management Action, TM.2M, with 2 Mbps Maximum bandwidth.
2. Create an HTTP policy for traffic from the group to Any-External.
3. Apply the traffic management Action TM.2M as the forward and reverse action in the HTTP policy.
4. Add a Per IP Address Traffic Management Action, TM100K, with 100 Kbps Maximum bandwidth.
5. Use the TM.100K action for the Games application category in Application Control.
6. Enable the HTTP policy for the group to use the Application Control Action.

To limit bandwidth for HTTP upload and download traffic on a BOVPN to increase bandwidth for other applications, you can use a Traffic Management Action in a BOVPN HTTP policy:

1. Add a Per Policy Traffic Management Action with 2 Mbps Maximum bandwidth.
2. Configure a BOVPN policy for HTTP traffic. An In policy and Out policy will be created for BOVPN HTTP traffic.
3. Apply the Traffic Management action as the forward action (for uploads) and reverse action (for downloads) in both the In and Out BOVPN HTTP policies.

To use Traffic Management with a managed BOVPN tunnel, you must create a VPN firewall policy template and apply that template to the managed BOVPN tunnel. You cannot edit the default Any policy for managed BOVPN tunnels. For detailed information, go to Use Traffic Management for Managed BOVPN Tunnels.

To prioritize SIP traffic on a BOVPN to improve VoIP performance, you can configure QoS in a BOVPN SIP-ALG policy:

1. Configure a BOVPN policy for SIP-ALG traffic. An In policy and Out policy will be created for BOVPN SIP-ALG traffic.
2. On the Advanced tab for both the In and Out BOVPN SIP policies, select the QoS tab.
3. Select Override per-interface settings and configure your QoS settings. If you assign settings manually with IP precedence, use a priority level of 5 for VoIP traffic. If you use DSCP, use 46 (EF).

To use QoS with a managed BOVPN tunnel, you must create a VPN firewall policy template and apply that template to the managed BOVPN tunnel. You cannot edit the default Any policy for managed BOVPN tunnels. For detailed information, go to Enable QoS Marking for a Managed BOVPN Tunnel.

For an integration guide that shows how to set up QoS for traffic along a communication path that includes a Mitel Mobile Client, WatchGuard AP, WatchGuard FireboxV, and the Mitel Cloud VoIP service, go to Mitel VoIP, WatchGuard Wi-Fi Cloud, WatchGuard Firebox, and QoS.

To prioritize VLAN traffic, you can create a policy for VLAN traffic and configure the QoS settings in the policy.

For example, to prioritize traffic from two VLANs defined on your local network:

1. Add a Firebox policy.
2. For granularity, you can specify specific ports and protocols. For example, from the Packet Filter drop-down list, you might select TCP-UDP.
3. In the From list, specify only the two VLAN subnets. For example, specify the networks 10.0.1.0/24 and 10.0.2.0/24.
4. Select the Advanced tab.
5. In the QoS section, enable QoS marking and prioritization.
6. After you save the policy, change the policy order if needed. For example, you might move the policy so that it appears below the HTTPS proxy but above the outgoing policy.

In Fireware v12.7 or higher, you can also enable QoS marking on Firebox VLAN interfaces. QoS applied at the interface level is less granular than QoS applied to a policy.