Application: limiting and reserving bandwidth in a LAN/WAN/DMZ architecture

For this example, it is assumed that the user already has the minimum configuration required to apply QoS in a LAN/WAN/DMZ architecture.

This example also explains how to add the components needed to apply bandwidth reservation or limitation to some of the traffic passing through the links attached to the LAN, WAN and DMZ interfaces.

Details of the traffic management policy set up by the administrator are shown below.

Limiting and reserving bandwidth over the WAN link

NOTE
The sum of all bandwidth reserved for a link must not exceed 85% of the link's total bandwidth. This is because the usable bandwidth for such reservations is equal to the bandwidth assigned to the corresponding traffic shaper (90% of total bandwidth) minus the bandwidth assigned to the acknowledgment queue (5% of total bandwidth).

Transferring work files (FTP)

Set a queue named FTP_WAN_Q:

  • Reservation of 10 Mbit/s and limitation to 20 Mbit/s for outgoing traffic,
  • Reservation of 10 Mbit/s and limitation to 20 Mbit/s for return traffic.

Hosting and sharing files over external servers (e.g., Google Drive)

A queue named GD_WAN_Q will be used in this example:

  • Reservation of 10 Mbit/s and no limitation for outgoing traffic,
  • Reservation of 10 Mbit/s and limitation to 20 Mbit/s for return traffic.

NOTE
This queue will be used in a filter rule for traffic going to the Google Drive web service.
This web service is a predefined object that gathers all the known IP addresses and FQDNs of Google Drive services.
It is automatically updated via the firewall’s Active Update service.

Transferring HTTP/HTTPS files to and from the external work server

Set a queue named HTTP_WAN_Q:

  • Reservation of 40 Mbit/s and no limitation for outgoing traffic,
  • Reservation of 40 Mbit/s and no limitation for return traffic.

VoIP communications (SIP)

Set a queue named SIP_WAN_Q:

  • Reservation of 15 Mbit/s and no limitation for outgoing traffic,
  • Reservation of 15 Mbit/s and no limitation for return traffic.

Reserving bandwidth over the DMZ link

Transferring HTTP/HTTPS files to and from the local work server

Set a queue named HTTP_DMZ_Q:

  • Reservation of 600 Mbit/s and no limitation for outgoing traffic,
  • Reservation of 600 Mbit/s and no limitation for return traffic.

Sharing files over a server

Set a queue named SMB_DMZ_Q:

  • Reservation of 100 Mbit/s and no limitation for outgoing traffic,
  • Reservation of 100 Mbit/s and no limitation for return traffic.
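
The 85% rule from the note on the WAN link can be checked against the whole queue plan before it is entered on the firewall. The script below is an added example, not part of the original documentation or of the firewall's own tooling: it reads each queue's two bullets as the outgoing and return directions and checks every link in both directions. The link capacities (100 Mbit/s for the WAN, 1 Gbit/s for the DMZ) and the names Queue, LINKS and check_plan are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Reservable share per the NOTE: traffic shaper (90%) minus acknowledgment queue (5%).
RESERVABLE_PERCENT = 85

@dataclass(frozen=True)
class Queue:
    name: str
    link: str
    res_out: int                    # Mbit/s reserved, outgoing traffic
    res_ret: int                    # Mbit/s reserved, return traffic
    lim_out: Optional[int] = None   # Mbit/s limit, None = no limitation
    lim_ret: Optional[int] = None

# Queue values as listed on this page.
QUEUES = [
    Queue("FTP_WAN_Q", "WAN", 10, 10, 20, 20),
    Queue("GD_WAN_Q", "WAN", 10, 10, None, 20),
    Queue("HTTP_WAN_Q", "WAN", 40, 40),
    Queue("SIP_WAN_Q", "WAN", 15, 15),
    Queue("HTTP_DMZ_Q", "DMZ", 600, 600),
    Queue("SMB_DMZ_Q", "DMZ", 100, 100),
]

# ASSUMPTION: link capacities in Mbit/s; the page does not state them.
LINKS = {"WAN": 100, "DMZ": 1000}

def check_plan(queues, links):
    """Return (headroom, errors); headroom maps (link, direction) to unreserved Mbit/s."""
    errors, headroom = [], {}
    for q in queues:
        if q.link not in links:
            errors.append(f"{q.name}: unknown link {q.link}")
        for direction, res, lim in (("out", q.res_out, q.lim_out), ("ret", q.res_ret, q.lim_ret)):
            if lim is not None and lim < res:
                errors.append(f"{q.name}/{direction}: limit {lim} is below reservation {res}")
    for link, capacity in links.items():
        ceiling = capacity * RESERVABLE_PERCENT / 100
        for direction in ("out", "ret"):
            reserved = sum(getattr(q, f"res_{direction}") for q in queues if q.link == link)
            headroom[(link, direction)] = ceiling - reserved
            if reserved > ceiling:
                errors.append(f"{link}/{direction}: {reserved} Mbit/s reserved exceeds {ceiling:g} Mbit/s")
    return headroom, errors

if __name__ == "__main__":
    headroom, errors = check_plan(QUEUES, LINKS)
    for key, free in sorted(headroom.items()):
        print(key, f"{free:g} Mbit/s still reservable")
    print("\n".join(errors) or "plan is consistent with the 85% rule")
```

With the assumed capacities, the plan leaves 10 Mbit/s of reservable bandwidth in each direction on the WAN link and 150 Mbit/s on the DMZ link.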