If your users are uploading and downloading a lot and it is saturating your internet line, you can manage the bandwidth limits for your web traffic. The web proxy bandwidth limiting policies only apply to downloads, not uploads. For Smoothwall Filter uploads only, you can set the file upload policy for the web filter options to restrict upload sizes, see our help topic, Configuring the web proxy. Otherwise, you can use the Bandwidth module in the Smoothwall Filter and Firewall. However, before you can apply a bandwidth rule that does this, there are some caveats.
Bandwidth Rules Are Applied by IP Addresses
You can only limit uploads based on IP addresses, not user groups. You need to prevent the upload capacity from being exhausted by web traffic so that it doesn't prevent other services from working. You can use destination IP addresses but this can be tricky when dealing with cloud services because the destination IP addresses might change.
Spoofing Needs to Be Turned on in the Web Proxy
Spoofing allows the Bandwidth module to see the client IP address when traffic is being proxied, needed to apply bandwidth limitations. Unfortunately, this means that some setups can't use this solution because spoofing requires return traffic to be routed back through the Smoothwall Filter and Firewall. You can turn on spoofing with the Smoothwall Filter and Firewall but you might encounter issues turning on spoofing if you only have the Smoothwall Filter. To determine whether you can turn spoofing on, contact Smoothwall Support.
After you turn spoofing on, you can configure your download and upload limits. For example, you have an internet connection with 100-MB incoming and 20-MB outgoing. You are running other services, such as remote desktop, VoIP and web services, and you want to reserve 10-MB outgoing and 5-MB incoming for those services. Therefore, you limit web traffic to 95-MB incoming and 10-Mb outgoing. In addition, prioritize non-web traffic higher than web traffic. This example procedure focuses on limiting upload values for web traffic to preserve bandwidth for other services.
Procedure
On the Shaping policies page, in the Shaping policies table, there should a Default shaping policy with a single Default slice with incoming and outgoing relative weights of 10 and no caps assigned.
- To limit your users' upload bandwidth, add a new slice to the Default policy with these settings, see our help topic, Adding an application slice to a bandwidth shaping policy:
- Name: "Web traffic"
- Applications:
-
Networking:
- "HTTP"
- This includes HTTP and HTTPS.
- "HTTP"
- Incoming relative weight: "10"
- Incoming cap: "95 Mbps"
- Outgoing relative weight: "10"
- Outgoing cap: "10 Mbps"
- Comment: "Slice to limit web traffic download and upload."
- Weighting prioritizes the traffic, and a priority of 1 is higher than a priority of 10. To prioritize non-HTTP traffic higher than HTTP traffic, edit the Default slice in the Default shaping policy to these settings:
- Incoming relative weight: 1
- Outgoing relative weight: 1
- On the Classes page, check that your All traffic bandwidth control class uses the Default Shaping policy, see our help topic, Managing bandwidth classes.
- On the Interfaces page, set up your interface and bandwidth values, Creating new bandwidth limits for interfaces:
- Interface: The external interface and IP address that you use for default link load balancing pool. You can see this on the Source NAT & LLB rules page, see out help topic, Adding exception rules for traffic generated by the Smoothwall Filter and Firewall.
- Maximum bandwidth in: according to the values on your internet connection.
- Maximum bandwidth out: according to the values on your internet connection.
- On the bandwidth diagnostics Monitoring page, check that the Default and All traffic bandwidth classifications are displayed, see our help topic, Monitoring bandwidth throughput.
- Test the download limits with a download resource, for example, Download Test Files.