Chapter 28 Application Patrol

HTTP traffic needs to be given priority over FTP traffic.

FTP traffic from the WAN to the DMZ must be limited so it does not interfere with SIP and HTTP traffic.

FTP traffic from the LAN1 to the DMZ can use more bandwidth since the interfaces support up to 1 Gbps connections, but it must be the lowest priority and limited so it does not interfere with SIP and HTTP traffic.

Figure 270 Application Patrol Bandwidth Management Example

SIP: Any to WAN

SIP: WAN to Any

Outbound: 200 Kbps

Outbound: 200 Kbps

Inbound: 200 Kbps

Inbound: 200 Kbps

Priority: 1

Priority: 1

Max. B. U.

Max. B. U.

HTTP: Any to WAN

 

Outbound: 100 Kbps

 

Inbound: 500 Kbps

 

Priority: 2

 

Max. B. U.

 

FTP: WAN to DMZ

ADSL

Up: 1 Mbps

Outbound: 100 Kbps

Down 8 Mbps

Inbound: 300 Kbps

Priority: 3

 

No Max. B. U.

 

 

FTP: LAN1 to DMZ

 

Outbound: 50 Mbps

 

Inbound: 50 Mbps

 

Priority: 4

 

No Max. B. U.

28.1.3.1 Setting the Interface’s Bandwidth

Use the interface screens to set the WAN zone interface’s upstream bandwidth to be equal to (or slightly less than) what the connected device can support. This example uses 1000 Kbps.

28.1.3.2SIP Any to WAN Bandwidth Management Example

Manage SIP traffic going to the WAN zone from a VIP user on the LAN or DMZ.

Outbound traffic (to the WAN from the LAN and DMZ) is limited to 200 kbps. The ZyWALL applies this limit before sending the traffic to the WAN.

Inbound traffic (to the LAN and DMZ from the WAN) is also limited to 200 kbps. The ZyWALL applies this limit before sending the traffic to LAN or DMZ.

Highest priority (1). Set policies for other applications to lower priorities so the SIP traffic always gets the best treatment.

444

 

ZyWALL USG 50 User’s Guide