Re: Traffic Management/Shaping

vmolinaro · ‎11-11-2003

Does the PIX (Version 6.3 or earlier) support policy-based traffic shaping through the firewall and control the amount of bandwidth used on a given interface (outside, inside or DMZs)? For example, limit (or even guarantee) the amount of traffic based on protocol (HTTP, FTP etc) used for outgoing connections to untrusted sites on a per User basis (or source IP basis)?

Thanks

Vito Molinaro

nkhawaja · ‎11-11-2003

Hi,

No, it is not possible. You are talking about the rate limiting in routers, this feature is not available yet.

But we do have policy NAT that can be based on per protocol or per source/destination IP.

Thanks

Nadeem

vmolinaro · ‎11-11-2003

Could you please give me a breif explanation/example of how I would use policy NAT in this situation.

Thanks

Vito

scoclayton · ‎11-12-2003

Vito,

You cannot use policy NAT to accomplish the items you had in your orginal post. Policy NAT and Policy routing are completely seperate technologies. The idea of policy NAT is to allow the PIX to NAT the IP address on packets based on the destination address. As you can see, this will not help in limiting bandwidth. I believe this is something we are looking at. If this is something you need/require, I would suggest contacting your local account team.

Thanks,

Scott