Example: limiting bandwidth

Company C has experienced a radical increase in the amount of network traffic and wants to limit non-essential traffic to prioritize business communications.

It seems that many employees use bandwidth-intensive services, download large files, and listen to high-quality Internet radio streams. The situation is starting to slow down business communications. Management would rather prohibit connections that are not directly work-related than fund the required increase in bandwidth.

However, the administrators suggest a different approach: limiting the portion of the bandwidth that non-essential traffic can use, so some employees can still listen to Internet radio, while business communications are guaranteed the bandwidth they need. To ensure the quick delivery of time-critical business communications, they also decide to prioritize the traffic using the three default QoS Classes.

The administrators:
  1. Create a custom QoS Policy with the following rules:
    Table 1. QoS rules in QoS Policy for Company C
    QoS Class Priority Guarantee Limit
    High Priority 1 35% 90%
    Normal Priority 8 55% 90%
    Low Priority 16 5% 50%
    • Normal Priority traffic gets the largest guaranteed portion of the bandwidth because it has the largest volume.
    • High Priority and Normal Priority traffic can each use up to 90% of the bandwidth. Low Priority traffic cannot consume more than 50% of the available bandwidth even if there is more bandwidth available. In this configuration, there must be traffic in at least two of the classes for the bandwidth to be used up to 100%.
    • Even Low Priority traffic is given 5% of the bandwidth to avoid total loss of service, which can cause more complaints from users than slowed-down service.
  2. Place a Continue rule at the top of the firewall Access rules that includes the Normal Priority QoS Class. This way, all traffic that is not classified as High Priority or Low Priority is classified as Normal Priority.
  3. Edit the Access rules to assign QoS Classes to traffic:
    • Place the High Priority QoS Class into Access rules that permit important traffic.
    • Place the Low Priority QoS Class into Access rules that permit low-importance traffic.
  4. Define the types of throughput and select the new custom QoS Policy to be used for the Physical Interfaces connected to the Internet on the firewall.
  5. Refresh the policy of the firewall.