Firewall Protection
163
ProSecure Unified Threat Management (UTM) Appliance
interface that you specify. For inbound traffic, you can apply bandwidth profiles to a LAN
interface for all WAN modes. Bandwidth profiles do not apply to the DMZ interface.
When a new connection is established by a device, the device locates the firewall rule
corresponding to the connection.
• If the rule has a bandwidth profile specification, the device creates a bandwidth class in
the kernel.
• If multiple connections correspond to the same firewall rule, the connections all share the
same bandwidth class.
An exception occurs for an individual bandwidth profile if the classes are per-source IP
address classes. The source IP address is the IP address of the first packet that is
transmitted for the connection. So for outbound firewall rules, the source IP address is the
LAN-side IP address; for inbound firewall rules, the source IP address is the WAN-side IP
address. The class is deleted when all the connections that are using the class expire.
After you have created a bandwidth profile, you can assign the profile to firewall rules and
application control profiles on the following screens:
• Add LAN WAN Outbound Services screen (see Figure 66 on page 132).
• Add LAN WAN Inbound Services screen (see Figure 67 on page 133).
• Application Control Policy pop-up screens (see Figure 129 on page 231 and Figure 130
on page 231). You can access these pop-up screens from the Add or Edit Application
Control Profile screen (see Figure 128 on page 229).
 To add and enable a bandwidth profile:
1. Select Network Security > Services > Bandwidth Profiles. The Bandwidth Profiles
screen displays. (The following figure shows one user-defined profile in the List of
Bandwidth Profiles table as an example.)
Figure 93.
To Next Page
Loading...
Need help?
General