ConfigurationexamplesfortheD-Link
NetDefendFirewallries
DFL-210/260/800/860/1600/2500
Scenario:Howtoconfiguretrafficmanagementfor
QualityofServiceassurance
Lastupdate:2007-08-02
Overview
Inthisdocument,thenotationObjects->Addressbookmeansthatinthetreeontheleftsideof
thescreenObjectsfirstshouldbeclicked(expanded)andthenAddressBook.
ettingscan
ydifferenceisthenamesofthe
heDFL-1600andDFL-2500hasmorethanonelaninterface,thelaninterfaces
arenamedlan1,lan2andlan3notjustlan.
reusinganearlier
versionofthefirmware,thescreenshotsmaynotbeidenticaltowhatyoueonyourbrowr.
2
HowtoconfiguretrafficmanagementforQualityofServiceassurance
ThisscenarioisaboutcustomersintendedtoensureimportantapplicationswithEmail,Weband
filetransferthatcanobtainguaranteebandwidthforbusinessrequirementinLANenvironment.
Andalso,Emailcommunicationistheirfirstpriority;Webapplicationiscondpriorityandfile
transferisthirdprioritydependsoncompanypolicy.
Detailforthisscenario:
-Internetupstream/downstreamcommitrateis2000Kbps/2000Kbps.
-SMTPprotocolwithBi-direction:Thebandwidthisguaranteedto800Kbpsandthemaximum
bandwidthlimitis1600Kbps.
-HTTP/HTTPSprotocolwithBi-direction:Thebandwidthisguaranteedto600Kbpsandthe
maximumbandwidthlimitis1200Kbps.
-FTPprotocolwithBi-direction:Thebandwidthisguaranteedto400Kbpsandthemaximum
bandwidthlimitis800Kbps.
-OtherprotocolswithBi-direction:
burstitstraffictouallavailablebandwidthifSMTP/HTTP/HTTPS/FTPisnotfulltrafficload.
-SMTPisfirstpriority;precedencewillbeassignedto7.
-HTTP/HTTPSiscondpriority;theprecedencewillbeassignedto5.
-FTPisthirdpriority;theprecedencewillbeassignedto3.
Thefollowingprocedurewillgothroughhowfirewallprioritizestrafficforspecificprotocols.
Exceptforprovidinggeneralbandwidthcontrolfunctionality,it’sabletoburstadditional
bandwidthtoefficientlyutilizetherestofbandwidthifit’savailableatthattime.
3
aceaddressanddefaultgateway.
GotoObjects->Addressbook->InterfaceAddress:
Editthefollowingitems:
Changelan_ipto192.168.1.1
Changelannetto192.168.1.0/24
Changewan1_ipto192.168.110.1
Changewan1netto192.168.110.0/24
Changewan1_gwto192.168.110.254(Ifthisobjectdoesnotexist,createanewone)
GotoObjects->Interfaces->Ethernet:
Selectwan1interface
Selectthewan1_gwonDefaultGatewaydrop-downmenuforwan1interface
ClickOK.
4
llIPRules
GotoRules->IPRules.
CreateoneIPruleforSMTPprotocol:
IntheGeneraltab:
General:
Name:SMTP_BW_Control
Action:NAT
Service:smtp
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
ClickOk.
5
CreateoneIPruleforHTTPprotocol:
IntheGeneraltab:
General:
Name:HTTP_BW_Control
Action:NAT
Service:http-all
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
ClickOk.
6
CreateoneIPruleforFTPprotocol:
IntheGeneraltab:
General:
Name:FTP_BW_Control
Action:NAT
Service:ftp-passthrough
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
ClickOk.
7
CreateoneIPruleforothersprotocol:
IntheGeneraltab:
General:
Name:Others_BW_Control
Action:NAT
Service:all_rvices
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
ClickOk.
8
pipeforeachprotocol
GotoTrafficManagement->TrafficShaping->Pipes.
AddanewPipeforSMTPDownstream
IntheGeneraltab:
General:
Name:SMTP_Downstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence0~7:Keepitas“blank”bydefault
Totalkilobitspercond:1600
ClickOk.
9
AddanewPipeforSMTPUpstream
IntheGeneraltab:
General:
Name:SMTP_Upstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence0~7:Keepitas“blank”bydefault
TotalKilobitspercond:1600
ClickOk.
10
AddanewPipeforHTTPDownstream
IntheGeneraltab:
General:
Name:HTTP_Downstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence0~7:Keepitas“blank”bydefault
Totalkilobitspercond:1200
ClickOk.
11
AddanewPipeforHTTPUpstream
IntheGeneraltab:
General:
Name:HTTP_Upstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence0~7:Keepitas“blank”bydefault
Totalkilobitspercond:1200
ClickOk.
12
AddanewPipeforFTPDownstream
IntheGeneraltab:
General:
Name:FTP_Downstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence0~7:Keepitas“blank”bydefault
Totalkilobitspercond:800
ClickOk.
13
AddanewPipeforFTPUpstream
IntheGeneraltab:
General:
Name:FTP_Upstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence0~7:Keepitas“blank”bydefault
Totalkilobitspercond:800
ClickOk.
14
AddanewPipeforTotalDownstreamcommitrate
IntheGeneraltab:
General:
Name:Total_Downstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence7:800
Precedence5:600
Precedence3:400
Totalkilobitspercond:2000
ClickOk.
15
AddanewPipeforTotalUpstreamcommitrate
IntheGeneraltab:
General:
Name:Total_Upstream
Precedences:Keepitasdefaultvaluewith0,0,7
InthePipeLimitstab:
PipeLimits:
Precedence7:800
Precedence5:600
Precedence3:400
Totalkilobitspercond:2000
ClickOk.
16
CheckallPipesttingisshownasfollowingscreenshotthengotonextstep.
17
piperuleforeachprotocol
GotoTrafficManagement->TrafficShaping->PipeRules.
wPipeRuleforSMTPprotocol
IntheGeneraltab:
General:
Name:SMTP_Shaping
Service:smtp
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
18
IntheTrafficShapingtab:
TrafficShaping:
SelectedForwardChain:SMTP_Upstream,Total_Upstream
SelectedReturnChain:SMTP_Downstream,Total_Downstream
Note:
TheSMTPPipes(SMTP_UpstreamorSMTP_Downstream)mustbeputupperonTotalbandwidth
commitrate(Total_UpstreamorTotal_Downstream).
Precedence:
UFixedPrecedence:7
ClickOk.
19
wPipeRuleforHTTPprotocol
IntheGeneraltab:
General:
Name:HTTP_Shaping
Service:http-all
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
20
IntheTrafficShapingtab:
TrafficShaping:
SelectedForwardChain:HTTP_Upstream,Total_Upstream
SelectedReturnChain:HTTP_Downstream,Total_Downstream
Note:
TheHTTPPipes(HTTP_UpstreamorHTTP_Downstream)mustbeputupperonTotalbandwidth
commitrate(Total_UpstreamorTotal_Downstream).
Precedence:
UFixedPrecedence:5
ClickOk.
21
wPipeRuleforFTPprotocol
IntheGeneraltab:
General:
Name:FTP_Shaping
Service:ftp-passthorugh
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
22
IntheTrafficShapingtab:
TrafficShaping:
SelectedForwardChain:FTP_Upstream,Total_Upstream
SelectedReturnChain:FTP_Downstream,Total_Downstream
Note:
TheFTPPipes(FTP_UpstreamorFTP_Downstream)mustbeputupperonTotalbandwidth
commitrate(Total_UpstreamorTotal_Downstream).
Precedence:
UFixedPrecedence:3
ClickOk.
23
wPipeRuleforOtherprotocols
IntheGeneraltab:
General:
Name:Other_Protocols
Service:all-rvices
SourceInterface:lan
SourceNetwork:lannet
DestinationInterface:wan1
DestinationNetwork:all-nets
24
IntheTrafficShapingtab:
TrafficShaping:
SelectedForwardChain:Total_Upstream
SelectedReturnChain:Total_Downstream
Precedence:
UFixedPrecedence:0
ClickOk.
MakesurethePipeRulettingisshownasfollowingscreenshotthenSaveandactivatethe
configuration
本文发布于:2023-03-13 12:55:59,感谢您对本站的认可!
本文链接:https://www.wtabcd.cn/fanwen/zuowen/1678683361237204.html
版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系,我们将在24小时内删除。
本文word下载地址:限制流量.doc
本文 PDF 下载地址:限制流量.pdf
| 留言与评论(共有 0 条评论) |