The Bandwidth module is a licensed feature of your Smoothwall. It allows the firewall to manage bandwidth for different types of network traffic based on ports, protocols or application signatures and is separate from the bandwidth limiting policies found within the proxy settings, see our help topic, About bandwidth limiting policies.
If you're licensed, you can install the Bandwidth module through your Smoothwall’s user interface. To take advantage of the full functionality of the Bandwidth module, you need a Layer 7 license.
With the Bandwidth module you can shape the traffic throughput of specified external or bridged interfaces and create multitiered, application-aware, bandwidth shaping policies. However, there are limitations. For example, you can only shape traffic that uses external or bridged ports.
The Bandwidth module doesn't block applications from accessing the Internet. Traffic that's redirected through the Smoothwall Filter isn't classified as originating from the client but from your Smoothwall Filter instead. Traffic shaping configured in the Smoothwall Filter might overlap with configuration in the Bandwidth module. In such cases, both configuration rules are applied. However, the smallest limit always overrides the latter. For example, if you have a policy to limit “news” traffic to two megabits per second within the Smoothwall Filter, but within the Bandwidth module you limit all HTTP traffic to only one megabit per second, only the Bandwidth module's limit is applied.
Examples
If you need to manage bandwidth for Youtube or Facebook traffic, you can use the Web Proxy Bandwidth limiting policies, see our help topic, Creating bandwidth limiting policies.
The following are example scenarios where you can use the Bandwidth module to tailor your bandwidth.
Bring your own device (BYOD) services can be limited to a specific bandwidth share per user, with access to some applications restricted to the point where they're virtually unusable.
- Video streaming services, such as YouTube, are severely restricted for all devices, including BYOD. However, within dormitories, access is allowed but capped.
- Messaging services, such as Skype, are allowed unlimited bandwidth within dormitories.
- Online gaming services are restricted for all devices, including BYOD, from all subnets.
Business critical applications can be given priority over other applications. This can be further customized for each department, for example:
- Helpdesk staff are assigned a policy, which gives priority to remote access applications, such as VPN, VNC, and TeamViewer, followed by VoIP calls and email traffic. General web browsing is given the lowest priority.
- The Marketing department’s policy prioritizes collaboration tools, such as Lotus Notes and WebEx Messenger, and email traffic as equally important. General web browsing is given the lowest priority.
- A default policy for all other staff prioritizes email traffic over general web browsing.
Network services can be tailored for each type of guest service at the hotel:
- A basic hotel internet service, which provides enough bandwidth for general web browsing and email traffic. This might be a free service.
- A premium hotel internet service, which provides additional bandwidth for online gaming, messaging services such as Skype, and video streaming.
- Conference facilities can be assigned a guaranteed slice of bandwidth for video conferencing, VoIP, file transfer applications, and collaboration tools.