Managing the bandwidth of incoming traffic

Bandwidth management and traffic prioritization are most useful for managing outgoing traffic.

Bandwidth management and prioritization usually help manage the quality of service for traffic going out through Internet links. These links are often the choke point in a corporate network due to the costs associated with increasing the bandwidth.

Controlling incoming traffic is more difficult because by the time the NGFW Engine processes the traffic, the packets have already traveled through congested links and used bandwidth. Still, you might be able to restrict some types of incoming traffic to a limited extent. In this case, only limits apply. To set guarantees and priorities for traffic, consider other solutions, such as arranging for your ISP to implement traffic management before the traffic is passed to your Internet links.

To limit the bandwidth incoming traffic consumes, you can apply the QoS Policy on the NGFW Engine’s interfaces that are connected to the internal network. This configuration is shown in the following illustration.

Figure: Applying QoS to incoming traffic



In the illustration, traffic is checked against the Access Rules, and allowed traffic is assigned a QoS Class. At the interfaces connected to the internal network, the QoS Policies limiting the bandwidth use are enforced as the traffic is sent onwards.

Limiting the bandwidth in this way requires that the application that is the source of the traffic scales down its transmissions to match the available bandwidth. If an application does not scale down its bandwidth use, any limits you set have no effect. In that case, the only option is to control the traffic at your ISP before it reaches the NGFW Engine.
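
The following added example (not part of the product documentation and not NGFW Engine code) models the point made above: a limit enforced on the internal-facing interface reduces Internet link usage only when the sender reacts to it. The drop-on-excess behavior, the halve-on-loss sender, and all bandwidth figures are constructed assumptions.

```python
# Simplified model (an assumption, not NGFW Engine internals): traffic crosses
# the Internet link first, then a QoS limit is enforced on the internal-facing
# interface and whatever exceeds the limit is dropped.

def simulate(adaptive, limit_mbps=20.0, link_mbps=100.0,
             start_mbps=80.0, ticks=200):
    """Return (mean Mbps used on the Internet link, mean Mbps delivered inside).

    adaptive=True  : sender halves its rate after loss and otherwise grows
                     by 1 Mbps per tick (TCP-like congestion control).
    adaptive=False : sender keeps transmitting at start_mbps regardless.
    """
    rate = start_mbps
    link_total = 0.0
    delivered_total = 0.0
    for _ in range(ticks):
        # Bandwidth is consumed on the Internet link before the limit applies.
        on_link = min(rate, link_mbps)
        # The limit takes effect only as traffic is sent onwards internally.
        forwarded = min(on_link, limit_mbps)
        dropped = on_link - forwarded
        link_total += on_link
        delivered_total += forwarded
        if adaptive:
            rate = rate / 2 if dropped > 0 else rate + 1.0
    return link_total / ticks, delivered_total / ticks


def compare():
    """Run both sender types against the same 20 Mbps limit."""
    return {"adaptive": simulate(True), "fixed_rate": simulate(False)}


if __name__ == "__main__":
    for name, (link, inside) in compare().items():
        print(f"{name:10s} Internet link: {link:5.1f} Mbps  "
              f"delivered inside: {inside:5.1f} Mbps")
```

In this model the fixed-rate sender keeps occupying 80 Mbps of the Internet link even though only 20 Mbps is delivered internally, while the adaptive sender settles below the limit on both sides.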