We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

How to configure Traffic Shaping for the HTTP Proxy Service

  • Type: Knowledgebase
  • Date changed: 5 months ago

Solution #00005510


This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x


Traffic Shaping for HTTP Proxy Service needs be configured to ensure that HTTP / HTTPS / FTP traffic is lower prioritized than other traffic, e.g. VPN traffic.
Although Shaping Connector X is configured in an Outbound-Proxy Rule, Traffic is fed into a wrong shaping connector.


Virtual Shaping Trees and Shaping Connectors are configured to fit your requirements like in Document "Traffic Shaping Howto" available in myphion Download portal.


To make source-based Traffic Shaping possible, the Traffic Shaping engine uses the Shaping Connector of the matching Inbound-Rule and replicates this Shaping Connector to the HTTP Proxy Service outbound-session of the box.

- CEO should be higher prioritized than other stuff. Hence two Firewall Rules are necessary in Inbound Ruleset:


Note the configured Band for Rule 24: Band ID100 CEO is configured with Traffic Shaping for higher priority. Also the source addresses are limited: from to

- Outbound Ruleset is still default: no adaption are necessary. The configured bands are taken from Inbound Ruleset.

- Within the Firewall GUI, LOUT-sessions are tagged with the correct Shaping Band:

- These sessions will be fed into the according Shaping Tree. Check within the Firewall GUI -> Shaping tab

Link to This Page: