SANGFOR NGFW

Bandwidth Management
 Training Content Training Objective

1. To understand the usage of virtual line, master

NGFW BM Introduction
virtual line policy and configuration method.

NGFW BM 1. Grasp the bandwidth channel configuration

Configuration method, able to configure BM according to user's
requirement.

NGFW Virtual Wire 1. Understand the usage and configuration of

function Introduction exclude policy
Bandwidth Management
Introduction
 BM Introduction
• Bandwidth management function is to allocate
bandwidth for Internet access of each local user
and is mainly used for the ISP bandwidth
control. SANGFOR traffic management system
is based on the queue (Per Flow Queuing) traffic
handling mechanisms to help users build a real
sense of the visual , controllable and efficient
network optimization . NGFW flow control
management is similar to the IAM module but it
requires external netwok interface with WAN
property to take effect.
 BM Introduction
1. What applications can be control?

a. Online application

• SANGFOR using DPI ( deep packet content inspection ) and DFI ( dynamic flow state detection )
technology that can identify almost all the applications on the Internet , and precisely control of traffic
management . Flow control is more commonly used applications : P2P, P2P streaming media , file
downloads , MEDIA, HTTP applications, e-mail and so on.

b. Website
• Traffic management can be done based on different types of websites

c. File tpye
• Traffic management can be done based on different types of files.

2. What are the applicable objects?

a. User/Group in Organisation structure

b. Single IP or IP range
 Case Study

Background :
• Customer has a 100M Internet line , 200 peoples within the network,
administrator complained online speed slow, NGFW device is going to
be deployed as route mode and as gateway in the network. Customers
want NGFW device to solve this problem, but customers do not want to
block any application on any user, as well as no restrictions on Internet
surfing for manager.
 Case Study
Problem Analysis

• Similar complaints about slow Internet customers , which are mostly high-
bandwidth software (P2P, Thunder , online video ) devour bandwidth ,
resulting in slower access to the site , but the client does not want to use the
block feature, so we can use the flow control function to unreasonable
application bandwidth control in a reasonable range.
 Case Study

Bandwidth control policy configuration:

3 key points

Line bandwidth Application objects

 Case Study
Bandwidth management policy configuration recommendations
according to the customer's needs :

• For staffs,limit P2P ,P2P STREAM,P2P Video,Download Tools to

30% of total bandwidth ， and "Max Bandwidth Per User" 125KB.
 Case Study

Before start configuring flow control

Attention policy , check the rule base application
and URL library whether updated to the
latest version!
 Configuration
Step 1 : Ensure WAN attribute is enabled on WAN interface (NGFW flow
control is effective only on the WAN interface has WAN attribute)

Virtual Wire
Bridge
Route
 Configuration
Step 2 ： Set the actual bandwidth public network lines

Add New line for

multiple WANs
 Configuration
Step3 : Add a new Bandwidth Channel
• Limit download speed of P2P application for staffs
 Result
Bandwidth Configuration verification method:

1. Client side ：
• Use a P2P download tool to download movie and observe the
download speed to determine whether it is limited to 125KB, if yes,
then disable the related BM policy and observe the speed again,
see whether it increases or not.

Note : Do not uses P2P download tool to download a song during

testing because it uses single thread/session which not in our
control.
 Result
2. NGFW testing method ：
• [Bandwidth Monitor] under [Status] has [WAN speed] module to analyze, observe the
instantaneous rate and number of users for each flow in the channel and check the flow
control is effective.
 Consideration
1. Bandwidth management in connection matches only one channel in order of
from top channel to down.

2. Bandwidth management channel exclusion policy does not take effect , user
that is matched to the exclusion of the application and destination IP Group
Policy does not control by the BM policy and speed control
 Practice

Customer Requirement ：
•50M ISP bandwidth, the software required high-bandwidth downloads
can not exceed 10M, Youtube and other similar online video streaming
should be able to watch but can not use up too much bandwidth

•According to user's requirement, give suggestion to customer

regarding BM in NGFW and the related configuration
 FAQ

1. NGFW bandwidth management require WAN attribute on interface?

2. 1MB/s equals to how many Kb/s?

www.sangfor.com