segunda-feira, 14 de setembro de 2009

Como criar uma regra no sonicwall para controle de banda pra skype

Type your summary here



I am running an NSA4500 Sonic Enhanced OS 5.1.x.x

What you will need to do this is a subscription to Application Firewall, so if you already have that, this is how to create a BWM rule for just Skype traffic:

Mostly I use Application Firewall to intercept HTTP requests from certain user groups and in turn it redirects them to an HTML page I make telling them that they have been shut off, are in violation of terms of service, they need to stop by my office, etc, etc. What I discovered though is that you can use Application Firewall to do BWM for certain IPS Categories, and specific signatures within those Categories.

These instructions will work if you have already turned on Ingress and Egress BWM for your WAN port in the Network > Interfaces > WAN > configure > Advanced tab and set a limit for each one.

1. go to Application Firewall and drop down the arrow to show all the sub choices. We need to create an Action.

2. click Add New Action and name it Skype BWM, and on the second line drop down the choice menu and select Bandwidth Management

3. now figure out how many % or Kb or your bandwidth you want to allow for Skype traffic. click ok when done.

4. Now we need to make an Application Object. Add New Object, name it Skype BWM, your Application Object Type drop down and select Signature List. Set your IDP category to IM (11) and drop down IDP Signature and scroll down until you see the 6 different Skype signatures. click each one and press Add, until all 6 are in the List: window. Scroll down to the OK button and click OK when done.

5. Now go to Aplication Firewall > Policies and Add New Policy. name it Skype BWM, and for the Policy Type: drop down and select Dynamic Content. for the address: select the Address object you want to use this policy on, or keep it set to Any. the Application Object should be set to Skype BWM, and Action should also be set to Skype BWM, then select which users/groups this should Include or Exclude, pick the schedule you want this to be on, set Zone to Any and click OK.

To see that it is working, go to Log > View and drop down Category to Application Firewall and click Apply Filter, if somone is on Skype you will see the Action being enforced on their connection.

I believe this to be complete, so try it out and let us know if it worked for you.

good luck,
Walter
NSA4500 Sonic Enhanced OS 5.1.0.4-11o

0 comentários: