Configuring a Traffic Profile

This section describes how to use the web UI to configure a traffic profile. A traffic profile defines available bandwidth resources that can be assigned to bandwidth management objects. The traffic profile is referenced by a traffic policy.

Prerequisites

Bandwidth resources available for a specific object have been planned.

Context

Each traffic profile uses multiple parameters to describe and control bandwidth resources, such as upstream and downstream overall guaranteed bandwidth and maximum bandwidth, per-IP-address/per-user guaranteed bandwidth and maximum bandwidth, connection limits, and DSCP priority re-marking.

A traffic profile will be referenced by a traffic policy. Therefore, the upstream and downstream directions in the traffic profile have specific mapping relationship with the directions of the traffic policy. That is, if the direction is the same as that of the traffic policy, the direction is defined as upstream. If not, the direction is defined as downstream. Before you configure a traffic profile, make clear of the actual directions (for example, the direction from the intranet to the Internet is usually called upstream) that upstream and downstream represent and then compare them with the traffic policy configuration (the source address is the IP address of a user, and the destination address is the address of Internet resources).

For example, you can configure either of the following methods to limit the traffic from the trust zone to the untrust zone:

When the source zone of the traffic policy is trust and the destination zone is untrust, configure upstream bandwidth control in the traffic profile (same direction as the traffic policy).
When the source Zone of the traffic policy is untrust and the destination zone is trust, configure downstream bandwidth control in the traffic profile (reverse direction of the traffic policy).

If interface bandwidth has been configured, the bandwidth values in a traffic profile must not exceed the interface bandwidth values. For information about how to set interface bandwidth, see Interfaces.

Configure traffic profiles referenced by parent and child policies based on the following rules:

The guaranteed bandwidth and connection limit specified in a child policy cannot be higher than those specified in the parent policy.
The parent and child policies must reference different traffic profiles.
Both the parent and child policies must set the traffic limiting mode to "setting the upstream and downstream bandwidth" or "setting the overall bandwidth" at the same time. Otherwise, bandwidth control is not accurate.

Procedure

Choose Policy > Bandwidth Management > Traffic Profile.
Click Add.

Set the traffic profile name and traffic limiting mode.

Parameter	Description
Name	Name of a traffic profile. The traffic profile name must be unique.
Traffic Limiting Mode	Upstream and downstream bandwidth: Independently control upstream and downstream bandwidth. Total bandwidth: Implement global control on the total of upstream and downstream bandwidth.

Parameter

Description

Name

Name of a traffic profile.

The traffic profile name must be unique.

Traffic Limiting Mode

Upstream and downstream bandwidth: Independently control upstream and downstream bandwidth.
Total bandwidth: Implement global control on the total of upstream and downstream bandwidth.

Configure Global Traffic Limiting of the traffic profile.

Parameter	Description
Reference Mode	Mode in which a traffic profile is referenced: Exclusive: A traffic profile is referenced by only one traffic policy. Shared: A traffic profile is referenced by multiple traffic policies.
Upstream Bandwidth Maximum/Downstream Bandwidth Maximum/Total Bandwidth Maximum	Maximum available bandwidth for traffic. This parameter is used to limit traffic. The parameter is relevant with the specified traffic limiting mode.
Upstream Bandwidth Guaranteed/Downstream Bandwidth Guaranteed/Total Bandwidth Guaranteed	Minimum available bandwidth for traffic. This parameter specifies the guaranteed bandwidth available for traffic. The parameter is relevant with the specified traffic limiting mode.
Max. Connections	Total concurrent connections in the upstream and downstream directions
Max. Connection Rate	Total new connections in the upstream and downstream directions

Configure Per-IP/User Traffic Limit of the traffic profile.

Parameter	Description
Traffic Limiting Object	Object to which traffic limit is implemented: Per-IP: limits traffic based on IP addresses. Per-User: limits traffic based on users.
Even Distribution	Even Distribution indicates that the FW dynamically distributes the same amount of bandwidth based on the specified maximum bandwidth in global traffic limiting to each online IP address. Even Distribution is mutually exclusively with the manually configured maximum bandwidth and guaranteed bandwidth.
Upstream Bandwidth Maximum/Downstream Bandwidth Maximum/Total Bandwidth Maximum	Maximum available bandwidth for per-IP-address /per-user traffic which is mutually exclusively with Even Distribution. The value cannot be greater than the overall maximum bandwidth. The parameter is relevant with the specified traffic limiting mode.
Upstream Bandwidth Guaranteed/Downstream Bandwidth Guaranteed/Total Bandwidth Guaranteed	Minimum available bandwidth for per-IP-address /per-user traffic which is mutually exclusively with Even Distribution. The total bandwidth of per-IP-address /per-user traffic cannot be greater than the overall guaranteed bandwidth.
Max. Connections	Maximum number of upstream and downstream connections allowed for each IP address or user. The value cannot be greater than Concurrent Connections of global traffic limiting.
Max. Connection Rate	Maximum number of upstream and downstream new connections allowed for each IP address or user. The value cannot be greater than Overall New Connections of global traffic limiting.

Configure Advanced settings for the traffic profile.

Parameter	Description
DSCP Priority Remarking	Modified DSCP value in each packet that matches the traffic policy. This setting allows the upstream and downstream devices of the FW to distinguish traffic based on the remarked DSCP value.
Forwarding Priority	Priority value of upstream traffic to use bandwidth resources. If traffic requires bandwidth higher than the guaranteed bandwidth but lower than the maximum bandwidth, the traffic competes for bandwidth resources with the same type of traffic that is processed using other traffic profiles. Packets with higher priority have a better chance of being forwarded than packets with lower priority. NOTE: If the traffic forwarding priority is set to medium (4) in the traffic profile, traffic policing is used for bandwidth limiting by default; if the traffic forwarding priority is not set to medium (4), traffic shaping is used for bandwidth limiting by default. For more information about traffic policing and traffic shaping, see Traffic Shaping and Traffic Policing.

Parameter

Description

DSCP Priority Remarking

Modified DSCP value in each packet that matches the traffic policy. This setting allows the upstream and downstream devices of the FW to distinguish traffic based on the remarked DSCP value.

Forwarding Priority

Priority value of upstream traffic to use bandwidth resources.

If traffic requires bandwidth higher than the guaranteed bandwidth but lower than the maximum bandwidth, the traffic competes for bandwidth resources with the same type of traffic that is processed using other traffic profiles. Packets with higher priority have a better chance of being forwarded than packets with lower priority.

NOTE:

If the traffic forwarding priority is set to medium (4) in the traffic profile, traffic policing is used for bandwidth limiting by default; if the traffic forwarding priority is not set to medium (4), traffic shaping is used for bandwidth limiting by default. For more information about traffic policing and traffic shaping, see Traffic Shaping and Traffic Policing.

Click OK.