Solution #00005510
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x
Traffic Shaping for HTTP Proxy Service needs be configured to ensure that HTTP / HTTPS / FTP traffic is lower prioritized than other traffic, e.g. VPN traffic.
Although Shaping Connector X is configured in an Outbound-Proxy Rule, Traffic is fed into a wrong shaping connector.
Virtual Shaping Trees and Shaping Connectors are configured to fit your requirements like in Document "Traffic Shaping Howto" available in myphion Download portal.
To make source-based Traffic Shaping possible, the Traffic Shaping engine uses the Shaping Connector of the matching Inbound-Rule and replicates this Shaping Connector to the HTTP Proxy Service outbound-session of the box.
- CEO should be higher prioritized than other stuff. Hence two Firewall Rules are necessary in Inbound Ruleset:
Note the configured Band for Rule 24: Band ID100 CEO is configured with Traffic Shaping for higher priority. Also the source addresses are limited: from 10.0.10.90 to 10.0.10.99.
- Outbound Ruleset is still default: no adaption are necessary. The configured bands are taken from Inbound Ruleset.
- Within the Firewall GUI, LOUT-sessions are tagged with the correct Shaping Band:
- These sessions will be fed into the according Shaping Tree. Check within the Firewall GUI -> Shaping tab