7.4. Traffic Shaping

Traffic shaping rules are used to limit the bandwidth for certain users, hosts, services, or applications.

Note

The rules are applied top to bottom in their listing order. Only the first rule in which all conditions are matched is applied. This means that more specific rules must be placed higher in the list than more general ones. To change the order in which the rules will be applied, use the Up/Down and Top/Bottom buttons or drag and drop the rules with the mouse.

Note

The Negate checkbox changes the condition to the opposite, which corresponds to a Boolean NOT (negation).

To create a traffic shaping rule, go to the Network policies --> Traffic shaping section, click Add, and provide the desired settings.

Name

Description

Enabled

Enables or disables the rule.

Name

The name of the rule.

Description

A description of the rule.

Bandwidth pools

Select one of the bandwidth pools. A bandwidth pool can optionally change the priority tags of DSCP traffic. For instructions on how to create more bandwidth pools, see the section Bandwidth Pools.

Scenario

The scenario that must be active for the rule to be triggered. For more details on how scenarios work, see the section Scenarios.

Important! A scenario is an additional condition. If the scenario was not triggered (one or more scenario triggers did not occur), the rule will not be triggered.

Logging

Logs traffic information when the rule is triggered. The available options are:

  • Log session start: only the session start (first packet) will be recorded in the traffic log. This is the recommended logging option.

  • Log all network packets: every transmitted network packet will be logged. For this mode, it is recommended to enable the logging limit to prevent high device load.

  • None: nothing will be logged.

Source

The zone, IP address lists, GeoIP address lists, or URL lists of the traffic source.

The URL list must include only domain names. Every 5 minutes UserGate resolves domain names into IP addresses and stores the result in the internal cache for the DNS record's time-to-live (TTL). When the TTL expires, UserGate automatically updates the IP address value.

Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.

Important! Traffic is processed according to the following logic:

  • a logical OR is applied if several IP address lists and/or domain lists are specified;

  • a logical AND is applied if several GeoIPs and lists of IP addresses and/or domains are specified.

Users

The users or user groups to which this rule will be applied.

Destination

The zone, IP address lists, GeoIP address lists, or URL lists of the traffic destination.

The URL list must include only domain names. Every 5 minutes UserGate resolves domain names into IP addresses and stores the result in the internal cache for the DNS record's time-to-live (TTL). When the TTL expires, UserGate automatically updates the IP address value.

Important! There is a limit on the number of GeoIPs that can be specified: the number cannot exceed 15.

Important! Traffic is processed according to the following logic:

  • a logical OR is applied if several IP address lists and/or domain lists are specified;

  • a logical AND is applied if several GeoIPs and lists of IP addresses and/or domains are specified.

Service

The service type, such as HTTP, HTTPS or other.

Applications

The list of applications for which bandwidth needs to be limited.

Time

The time when this rule will be active.
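
The first-match ordering, the Negate checkbox, and the OR/AND combination of lists described in this section can be modeled as follows. This is an added Python example, not UserGate code: the class and function names, the sample rules, and the treatment of an empty condition as "any" are assumptions, and the GeoIP country of each address is assumed to be already known.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Condition:
    ip_lists: list = field(default_factory=list)  # each entry is one list of CIDRs
    geoip: set = field(default_factory=set)       # country codes
    negate: bool = False                          # the Negate checkbox

    def __post_init__(self):
        if len(self.geoip) > 15:                  # limit stated in this section
            raise ValueError("no more than 15 GeoIPs per condition")

    def matches(self, ip, country):
        checks = []
        if self.ip_lists:                         # OR across several IP lists
            addr = ipaddress.ip_address(ip)
            checks.append(any(addr in ipaddress.ip_network(net)
                              for lst in self.ip_lists for net in lst))
        if self.geoip:                            # ANDed with the IP-list result;
            checks.append(country in self.geoip)  # assumption: any listed country counts
        if not checks:                            # assumption: empty condition = any
            return True
        return all(checks) != self.negate         # Negate is a Boolean NOT

@dataclass
class Rule:
    name: str
    source: Condition = field(default_factory=Condition)
    destination: Condition = field(default_factory=Condition)
    enabled: bool = True

def first_match(rules, src, dst):
    """src and dst are (ip, country) pairs; returns the name of the applied rule."""
    for rule in rules:                            # top to bottom, first full match wins
        if rule.enabled and rule.source.matches(*src) and rule.destination.matches(*dst):
            return rule.name
    return None

# Constructed sample rule set: the specific rule is listed above the general ones.
RULES = [
    Rule("backup-host", source=Condition(ip_lists=[["10.0.5.10/32"]])),
    Rule("lan-to-de-partner",
         source=Condition(ip_lists=[["10.0.0.0/8"], ["192.168.0.0/16"]]),
         destination=Condition(ip_lists=[["203.0.113.0/24"]], geoip={"DE"})),
    Rule("lan-non-us", source=Condition(ip_lists=[["10.0.0.0/8"]]),
         destination=Condition(geoip={"US"}, negate=True)),
]
```

Passing `list(reversed(RULES))` to `first_match` shows the shadowing problem: traffic from 10.0.5.10 is then caught by the general "lan-non-us" rule before the specific "backup-host" rule is ever evaluated.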