Introduction

In the previous chapter we looked at the most common portions of policy creation. This will be the typical configuration used when creating a policy. As you may have noticed when using the WebUI, there is a button labeled Advanced at the bottom of the policy configuration page. You may have also noticed additional options in the CLI. These are the advanced options that you can apply to your policies.

In this chapter, we look at the use and configuration of each of these options. Some options involve more detailed configuration and are discussed in their own separate chapters.

In the first section of this chapter we will look at network traffic management, commonly known as traffic shaping or quality of service (QoS). This allows you to prioritize traffic on your network and determine which traffic should have access to how much bandwidth. Traffic shaping is a complex configuration that is reviewed in both theory and practice. In the second part of the chapter we review three other advanced policy options including counting, scheduling, and authentication. Counting allows you to monitor the bandwidth utilization on a per policy basis. The scheduling option allows you to specify the time that a policy is active during the day. Policy-based authentication forces a user to authenticate to the firewall before using the access provided in a firewall policy.

Network Traffic Management

Every year the capacity of Local Area Networks (LANs) greatly increases. Most organizations are stretching beyond 100 Megabits per...