It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda NextGen Firewall X

How to configure Traffic Shaping for the HTTP Proxy Service

  • Type: Knowledgebase
  • Date changed: one year ago

Solution #00005510


This solution replies to:
- NG Firewall firmware versions 4.2.x, 5.0.x
- netfence firmware versions 4.2.x


Traffic Shaping for HTTP Proxy Service needs be configured to ensure that HTTP / HTTPS / FTP traffic is lower prioritized than other traffic, e.g. VPN traffic.
Although Shaping Connector X is configured in an Outbound-Proxy Rule, Traffic is fed into a wrong shaping connector.


Virtual Shaping Trees and Shaping Connectors are configured to fit your requirements like in Document "Traffic Shaping Howto" available in myphion Download portal.


To make source-based Traffic Shaping possible, the Traffic Shaping engine uses the Shaping Connector of the matching Inbound-Rule and replicates this Shaping Connector to the HTTP Proxy Service outbound-session of the box.

- CEO should be higher prioritized than other stuff. Hence two Firewall Rules are necessary in Inbound Ruleset:


Note the configured Band for Rule 24: Band ID100 CEO is configured with Traffic Shaping for higher priority. Also the source addresses are limited: from to

- Outbound Ruleset is still default: no adaption are necessary. The configured bands are taken from Inbound Ruleset.

- Within the Firewall GUI, LOUT-sessions are tagged with the correct Shaping Band:

- These sessions will be fed into the according Shaping Tree. Check within the Firewall GUI -> Shaping tab

Link to This Page: