Traffic shaping rules are configured at the network-policy traffic-shaping level using the UPL language syntax. For more details on the command structure, see Configuring Rules Using UPL.
To create a traffic shaping rule, use the following command:
Admin@nodename# create network-policy traffic-shaping <position> upl-rule
Traffic shaping rule settings:
| Parameter | Description |
|---|---|
| PASS OK | Action to create a rule using UPL. |
| enabled | Enable/disable a rule: |
| name | Traffic shaping rule name. Example: name("Traffic shaping rule example"). |
| desc | A description of the rule. Example: desc("The example of traffic shaping rule configured in CLI"). |
| bandwidth_pool | The bandwidth pool, e.g., bandwidth_pool("1 Mbps"). For more details about creating and configuring bandwidth pools, see Configuring Bandwidth Pools. |
| scenario | Scenario that needs to be active for the rule to trigger. To specify a scenario: scenario = "Example of a scenario". For more details on configuring scenarios, see Configuring scenarios. |
| rule_log | Log traffic information if the rule is triggered. The available options are: |
| src.zone | Traffic source zone. To specify a source zone, such as Trusted: src.zone = Trusted. For more details about how to configure zones using CLI, see the Zones section. |
| src.ip | Add source IP address or domain lists. To specify a list of IP addresses: src.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a source domain list: src.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
| src.geoip | Source GeoIP. Specify a country code (for example, src.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! The maximum number of GeoIPs that can be specified is limited to 15. |
| user | Users and user groups for which the traffic shaping rule applies (local or LDAP). To add LDAP groups and users, you need to have a correctly configured LDAP connector (for more information about configuring LDAP connectors via the CLI, see the Configuring LDAP Connectors section). Examples of adding users to a traffic shaping rule:<br>user = known<br>user = "user"<br>user = "testd.local\\user1"<br>user = ("user", "testd.local\\user1") |
| dst.zone | Traffic destination zone. To specify the destination zone, use: dst.zone = Untrusted. For more details about how to configure zones using CLI, see the Zones section. |
| dst.ip | Add lists of destination IP addresses or domains. To specify a list of IP addresses: dst.ip = lib.network(). Provide the list name in parentheses. For more details about how to create and configure IP address lists using CLI, see the Configuring IP addresses section. To specify a destination domain list: dst.ip = lib.url(). Provide the URL to which the desired domains were added in parentheses. For more details about how to create and configure URL lists using the CLI, see the Configuring URL Lists section. |
| dst.geoip | To specify a destination GeoIP, it is necessary to specify a country code (for example, dst.geoip = AE). Click here for the list of ISO 3166-1 country codes. Important! The maximum number of GeoIPs that can be specified is limited to 15. |
| service | Service type. You can specify a service or a services group (for more details, see Configuring services and Configuring services groups). To specify a single service: service = "service name". To specify multiple services: service = (service-name1, service-name2, ...). To specify a service group: service = lib.service(). Provide the services group name in parentheses. |
| application | List of applications to which this rule applies. You can specify: |
| time | Set a schedule for a rule. To set a schedule: time = lib.time(). Specify a time set group name in parentheses. For more details on configuring time sets, see Configuring time sets. |
To edit a traffic shaping rule, use the following command:
Admin@nodename# set network-policy traffic-shaping <position> upl-rule
To view all traffic shaping rules, use the following command:
Admin@nodename# show network-policy traffic-shaping
To view a specific traffic shaping rule, use the following command:
Admin@nodename# show network-policy traffic-shaping <position>
Example command to create a traffic shaping rule using UPL:
```
Admin@nodename# create network-policy traffic-shaping 1 upl-rule OK \
...user = known \
...src.zone = Trusted \
...dst.zone = Untrusted \
...service = (HTTP, HTTPS) \
...time = lib.time("Working hours") \
...rule_log(session) \
...bandwidth_pool("1 Mbps") \
...name("Test traffic shaping rule") \
...desc("Test traffic shaping rule description") \
...enabled(true)
...
Admin@nodename# show network-policy traffic-shaping 1

% ----------------- 1 -----------------
OK \
user = known \
src.zone = Trusted \
dst.zone = Untrusted \
service = (HTTP, HTTPS) \
time = lib.time("Working hours") \
desc("Test traffic shaping rule description") \
rule_log(session) \
bandwidth_pool("1 Mbps") \
enabled(true) \
id(e63c34e6-af7f-4a4d-a29d-b51d4070655c) \
name("Test traffic shaping rule")
```
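The show output can be saved and reviewed offline. The following is an added example, not part of the original documentation or the vendor's tooling: it parses that output and flags rules that lack enabled(true) or rule_log, or that exceed the 15-GeoIP limit. It assumes one condition or property per backslash-continued line; the sample input is constructed, and the parenthesised multi-value dst.geoip form is an assumption modelled on the service = (HTTP, HTTPS) syntax.

```python
import re
HEADER = re.compile(r"^%\s*-+\s*(\d+)\s*-+$")   # % ----- 1 -----
COND = re.compile(r"^([\w.]+)\s*=\s*(.+)$")     # src.zone = Trusted
PROP = re.compile(r"^(\w+)\((.*)\)$")            # rule_log(session)
MAX_GEOIP = 15                                   # limit stated in the table

# Constructed sample; the tuple form of dst.geoip in rule 2 is an assumption.
SAMPLE = r'''
% ----------------- 1 -----------------
OK \
src.zone = Trusted \
rule_log(session) \
bandwidth_pool("1 Mbps") \
enabled(true) \
name("Test traffic shaping rule")
% ----------------- 2 -----------------
OK \
dst.geoip = (AE, AT, BE, BG, CH, CZ, DE, DK, EE, ES, FI, FR, GR, HU, IE, IT)
'''

def parse_rules(text):
    """Return {position: {"action", "cond", "prop"}} from show output."""
    rules, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip().rstrip("\\").strip()   # drop the continuation backslash
        if m := HEADER.match(line):
            cur = rules[int(m.group(1))] = {"action": None, "cond": {}, "prop": {}}
        elif not line or cur is None:
            continue                              # blank, or text before first header
        elif m := COND.match(line):
            cur["cond"][m.group(1)] = m.group(2)
        elif m := PROP.match(line):
            cur["prop"][m.group(1)] = m.group(2).strip('"')
        else:
            cur["action"] = line                  # bare token such as OK
    return rules

def audit(rules):  # returns (position, finding) pairs worth a second look
    out = []
    for pos, r in sorted(rules.items()):
        if r["prop"].get("enabled") != "true":
            out.append((pos, "enabled(true) not present"))
        if "rule_log" not in r["prop"]:
            out.append((pos, "no rule_log property"))
        for k in ("src.geoip", "dst.geoip"):
            n = len([v for v in r["cond"].get(k, "").strip("()").split(",") if v.strip()])
            if n > MAX_GEOIP:
                out.append((pos, f"{k} lists {n} codes, limit is {MAX_GEOIP}"))
    return out
```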
To delete a traffic shaping rule, use the following command:
Admin@nodename# delete network-policy traffic-shaping <position>