Chapter 7 Bandwidth Limiter

group. The other traffic will not be limited.

Apply to all except the selected address group — the bandwidth limiter will not be

applied if at least one IP address involved in a connection belongs to the address group. Any other traffic will be limited.

In the lower section of the Constraints tab, a time range within which the bandwidth would be limited can be set. Click Edit to edit the selected interval or to create a new one (details in chapter 12.2).

Setting of parameters for detection of large data volume transfers

The Advanced tab enables setting of parameters that will be used for detection of transmissions of large data volume — the minimal volume of transmitted data and inactivity time interval. The default values (200 KB and 5 sec) are optimized in accordance with long-term testing in full action.

Caution! Changes of these values may reduce Bandwidth Limiter performance dra- matically. With exception of special conditions (testing purposes) it is highly recom- mended not to change the default values!

Figure 7.5 Bandwidth Limiter — setting parameters

for detection of large data volume transfers

For detailed description of the detection of large data volume transmissions, refer to chapter 7.3.

7.3 Detection of connections with large data volume transferred

This chapter provides description of the method used by the Bandwidth Limiter module to detect connections where large data volumes are transmitted. This description is an extra information which is not necessary for usage of the Bandwidth Limiter module.

Network traffic is different for individual services. For example, web browsers usually access sites by opening one or more connections and using them to transfer certain amount of data (objects included at the page) and then closes the connections. Termi- nal services (e.g. Telnet, SSH , etc.) typically use an open connection to transfer small

118

Page 118
Image 118
Kerio Tech Firewall6 manual Detection of connections with large data volume transferred, 118