It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

This Product is End-of-Life and End-Of-Support

End-Of-Life and End-Of-Support on December 1st, 2020: All Barracuda Firewall X-Series sales will cease; neither new sales nor any renewals will be available. If you currently hold a maintenance and support contract, you will continue to receive our award-winning support and services until your contract expires. Please see the End-Of-Life definition as described in the End of Support and End of Life Information.

How to Configure Bandwidth Policies or QoS

  • Last updated on

Limited network resources make bandwidth prioritization necessary. To ensure that important, business-critical applications are given enough bandwidth, the Barracuda NextGen Firewall X-Series provides traffic shaping (also known as "packet shaping" and "Quality of Service") methods to let you prioritize network resources according to factors such as the time of day, application type, and user identity. You can identify the traffic and assign its priority using firewall rules.

Bandwidth Policies

There are eight different bandwidth policies. They are listed in the following table, in order of decreasing priority:

Bandwidth PolicyDescription
VoIPHighest priority before all other bandwidth policies. Traffic is sent with no delay.
InteractiveHighest priority.
BusinessVery high priority.
InternetMedium priority. If more than 10 MB of data is transferred in one session, the priority of the traffic in that session drops to the same as Background.
BackgroundNext lower priority.
LowLow priority. Low and Lowest Priority are limited to 5% of the available bandwidth.
Lowest PriorityLowest priority. Low and Lowest Priority are limited to 5% of the available bandwidth.
Choke

Applications assigned this are unusable, but will not seek another way to send traffic. For example, if you wish to block Skype traffic, assign this policy to the Skype application.

Queues and Rate Limits

The following diagram shows how the eight bandwidth policies are divided into queues:

  • The Priority Queues always take precedence. 
  • The Regular Queues can use unlimited bandwidth. 
  • The Rate Limiting Queues are collectively limited to 5% of the maximum link bandwidth. 

The rate limits always apply, so even if there is no other traffic, the traffic in the Rate Limiting Queues never uses more than 5% of the bandwidth.

The classes within the Regular and Rate Limiting queues are weighted relative to the other classes in the same queue. Class weights are enforced only when the link is saturated. 

qos_scheme.png

Customize the Class Weights and Rate Limits

On the FIREWALL > QoS page, you can set the weight ratios for the classes within the same queue and modify some of the rate limits.

Assign a Bandwidth Policy to a Firewall Rule

Before you begin, verify that you specified a bandwidth for each interface you want to enable QoS on:

  1. Go to NETWORK > IP Configuration
  2. In the Network Interface Configuration section, select the interface and click the No/Yes link in the Use QoS column.
  3. Enter the bandwidth assigned by your ISP for outbound and inbound connections.

To assign a bandwidth policy to an access rule:

  1. Go to FIREWALL > Firewall Rules and edit the rule.
  2. Select the bandwidth policy from the Adjust Bandwidth drop-down menu.

Monitor Bandwidth Policy Assignment

To monitor which bandwidth policy is assigned to active network sessions, go to the BASIC > Active Connections page. The assigned policy of a network session is displayed in the Bandwidth Policy column. You can also manually override the assigned bandwidth policy by using the drop-down menu in the Bandwidth Policy column.