Policy Configuration : Understanding the Network Access Rules Hierarchy
Configuring Bandwidth Management
The following sections describe SonicWALL’s implementation of Bandwidth Management (BWM):
Understanding Bandwidth Management
Configuring Bandwidth Management
* 
TIP: For more information on SonicWALL Bandwidth Management, including configuration examples, see the SonicOS Administrator Guide.
Understanding Bandwidth Management
BWM is controlled by the SonicWALL security appliance on ingress and egress traffic. It allows network administrators to guarantee minimum bandwidth and prioritize traffic based on access rules created in the Firewall > Access Rules page on the SonicWALL management interface. By controlling the amount of bandwidth to an application or user, the network administrator can prevent a small number of applications or users to consume all available bandwidth. Balancing the bandwidth allocated to different network traffic and then assigning priorities to traffic can improve network performance. Anti-Spam provides eight priority queues (0 – 7 or Realtime – Lowest).
Three types of bandwidth management are available:
 
Table 32. Bandwidth management types
BWM Type
Description
WAN
Only WAN zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic.
Default WAN BWM queues:
0 — Realtime
5 — Medium
7 — Low
Global
(Default) All zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic. When global BWM is enabled on an interface, all of the traffic to and from that interface is bandwidth managed.
Default Global BWM queues:
2 — High
4 — Medium: Default priority for all traffic that is not managed by a BWM enabled Firewall Access rule or Application Control Policy.
6 — Low
None
Disables BWM.
When global BWM is enabled on an interface, all of the traffic to and from that interface is bandwidth managed.
For example, with bandwidth management type none, if there are three traffic types (1, 2, and 3) that are using an interface with the link capability of 100Mbps, the cumulative capacity for all three types is 100Mbps.
Then when bandwidth management type Global is enabled on that interface and the available ingress and egress traffic are configured to 10Mbps, the following occurs:
By default, the traffic types are sent to the Medium (4) Priority queue. This queue has, by default, a Guaranteed percentage of 50 and a Maximum percentage of 100. These values mean that the cumulative link capability is 10Mbps with no global BWM enabled policies configured.
Packet Queuing
BWM rules each consume memory for packet queuing, so the number of allowed queued packets and rules on SonicOS Enhanced is limited by platform (values are subject to change):
 
Table 33. Memory for packet queuing
Platform
Max Queued Packets
Max Total BWM Rules
TZ 170 Family
220
40
PRO 1260
220
40
PRO 2040
520
50
PRO 3060
2080
200
PRO 4060
2080
200
PRO 5060
6240
200
NSA 3500
2080
100
NSA 4500
2080
100
NSA 5000
2080
100
NSA E5500
6420
100
NSA E6500
6420
100
NSA E7500
6420
100
Configuring Bandwidth Management
Configuring BWM is a three step process:
1
Enable bandwidth management on the Firewall > BWM page.
2
Enable BWM on an interface/firewall/app rule
3
Allocate the available bandwidth for that interface on the ingress and egress traffic. It then assigns individual limits for each class of network traffic.
By assigning priorities to network traffic, applications requiring a quick response time, such as Telnet, can take precedence over traffic requiring less response time, such as FTP.
To configure bandwidth management, navigate to the Firewall > BWM page.
This page consists of the following entities:
* 
NOTE: The defaults are set by SonicWALL to provide BWM ease-of-use. It is recommended that you review the specific bandwidth needs and enter the values on this page accordingly.
Bandwidth Management Type Option:
WAN — Only WAN zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic.
Global — All zones can have assigned guaranteed and maximum bandwidth to services and have prioritized traffic.
None — (Default) Disables BWM.
* 
NOTE: When you change the Bandwidth Management Type from Global to WAN, the default BWM actions that are in use in any App Rules policies are automatically converted to WAN BWM Medium, no matter what level they were set to before the change.When you change the Type from WAN to Global, the default BWM actions are converted to BWM Global-Medium. The firewall does not store your previous action priority levels when you switch the Type back and forth. You can view the conversions on the Firewall > App Rules page.
Priority Column — Displays the priority number and name.
Enable check box — When checked, the priority queue is enabled.
Guaranteed and Maximum\Burst Text Field — Enables the guaranteed and maximum/burst rates. The corresponding Enable check box must be checked in order for the rate to take effect. These rates are identified as a percentage. The configured bandwidth on an interface is used in calculating the absolute value. The sum of all guaranteed bandwidth must not exceed 100 percent, and the guaranteed bandwidth must not be greater than the maximum bandwidth per queue.
The default settings for this page consists of three priorities with preconfigured guaranteed and maximum bandwidth. The medium priority has the highest guaranteed value because this priority queue is used by default for all traffic not governed by a BWM enabled policy.