It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

How to configure Traffic Shaping for the HTTP Proxy Service

  • Type: Knowledgebase
  • Date changed: one year ago

Solution #00005510

 

Scope:
This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x

 
Symptoms:

Traffic Shaping for HTTP Proxy Service needs be configured to ensure that HTTP / HTTPS / FTP traffic is lower prioritized than other traffic, e.g. VPN traffic.
Although Shaping Connector X is configured in an Outbound-Proxy Rule, Traffic is fed into a wrong shaping connector.
 
 

Solution:

Virtual Shaping Trees and Shaping Connectors are configured to fit your requirements like in Document "Traffic Shaping Howto" available in myphion Download portal.


 

To make source-based Traffic Shaping possible, the Traffic Shaping engine uses the Shaping Connector of the matching Inbound-Rule and replicates this Shaping Connector to the HTTP Proxy Service outbound-session of the box.


- CEO should be higher prioritized than other stuff. Hence two Firewall Rules are necessary in Inbound Ruleset:

 








Note the configured Band for Rule 24: Band ID100 CEO is configured with Traffic Shaping for higher priority. Also the source addresses are limited: from 10.0.10.90 to 10.0.10.99.


- Outbound Ruleset is still default: no adaption are necessary. The configured bands are taken from Inbound Ruleset.








- Within the Firewall GUI, LOUT-sessions are tagged with the correct Shaping Band:




















- These sessions will be fed into the according Shaping Tree. Check within the Firewall GUI -> Shaping tab

















Link to This Page:
https://campus.barracuda.com/solution/50160000000IR5iAAG