Traffic Mgmt Policy Configuration
Hi,
So newbie here, and I've done some looking online but still stumped.
I want to limit the bandwidth by specific IPV4 IP or the Hostname, like Office4.
I enabled Traffic Management, created two Actions, one per IP Address and one for All Policies, just for testing.
I then go into Firewall Policies, using either Web UI or System Manager, and assign the All Policy limits I created, but when I go to do a speed test, it doesn't seem to make any difference.
I thought the All Policies affected all policies under Firewall, so I created a per policy and applied them to HTTP-Proxy and HTTPS-Proxy but made no difference.
When I limit the overall bandwidth (Up and Down) under the Interfaces Tab in Traffic Management, that seems to work. As a test, I set it to 10Mbps and 20Mbps, and ran the speed test. Sure enough it was 10Mbps and 20Mbps.
So I've made some progress, just wondering why when I apply to the policy it does not work.
I also what to setup a new FW policy for the Hostname or the Host IP, to control the bandwidth for one or two systems on the network.
Any help would be appreciated.
Thank you!
Comments
Hi @Mirage
The "per policy/all policy/per client" settings in your traffic management policies are referring to how the thresholds are calculated.
-per policy means that each individual firewall policy that has your traffic management action applied to it will track throughput numbers separately.
-All policies means that the throughput numbers will be counted against all policies that the traffic management policy is applied to.
For example, if you set your maximum to 20Mbps, per policy would allow up to 20Mbps per policy, while all policies would only allow 20 per IP across all policies it is assigned to.
You can see that in the documentation here:
(About Traffic Management)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/qos_trafficmanagement/tm_about_11_9_c.html
You'll need to apply your traffic management action to each policy you want to use it with -- selecting "all policies" in your traffic management action won't do that for you.
With regards to applying that action to specific PCs on your network: If there is a DNS server on your network, and the firewall it pointed at it, you may be able to use hostnames in the rules provided they resolve properly. If they don't resolve, you'll need to specify IP addresses.
You can use the diagnostics on your firewall to run a DNS lookup from your firewall itself (pick the option for the management interface you're using):
(Run Diagnostic Tasks to Learn More About Log Messages) WatchGuard System Manager
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html
(Run Network Diagnostic Tasks in Fireware Web UI) WebUI
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/managed/fireware_webui_diagnostics_network.html
(Run Network Diagnostic Tasks in WatchGuard Cloud) WatchGuard Cloud
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/managed/monitor_diagnostics.html
-James Carson
WatchGuard Customer Support