Sophos Firewall Traffic Shaping Policies

Questions and Answers

What must be configured before creating traffic shaping policies on Sophos Firewall?

• Firewall rule order
• Available bandwidth (correct)
• Web categories
• User roles

Which elements can traffic shaping policies be created for in Sophos Firewall?

• Only applications and web categories
• Users, firewall rules, web categories, and applications (correct)
• Only firewall rules
• Network protocols and user devices

What is the purpose of the default policy in traffic shaping on Sophos Firewall?

• To override user settings for traffic shaping
• To configure all types of firewall rules
• To apply to traffic without a specific policy (correct)
• To enable logging of all traffic activities

What type of knowledge is recommended before creating traffic shaping policies?

Configuring settings for traffic shaping (C)

What is a key consideration before applying traffic shaping on Sophos Firewall?

Ensuring available bandwidth is configured (B)

What is the maximum bandwidth limit set for FTP applications in the traffic shaping policy?

2500 KB/s (A)

What type of policy is created to limit FTP traffic?

Rule-based policy (C)

What priority is set for the FTP limit rule?

0 – Real Time (D)

Which port numbers are associated with FTP applications in the traffic shaping policy?

20 and 21 (D)

What is set in the bandwidth usage type for the FTP limit policy?

Shared (D)

What type of traffic does the firewall rule allow in the FTP example?

LAN to WAN (A)

What additional feature must be set in the firewall rule to apply the traffic shaping policy?

Shape traffic (A)

Which group of users requires guaranteed bandwidth for a critical business application?

Business Application Users (D)

What is the intended effect of the traffic shaping policy applied to FTP traffic?

Limit the total bandwidth to ensure priority services (A)

What happens once the FTP limit rule is saved and enabled in the firewall configuration?

Traffic matching the rule will be limited as per policy (C)

Flashcards

Traffic Shaping

Process of managing network traffic flow by prioritizing certain types of traffic over others. It ensures smooth operation even during peak periods.

Configure Available Bandwidth

A crucial initial step in managing traffic. Defines how much bandwidth is available to the firewall for processing traffic.

Configure Default Policy

A default traffic shaping policy applied to traffic that doesn't have a specific policy set. A fallback for uninstructed traffic.

Creating Traffic Shaping Policies

Creating rules that determine how different types of network traffic are handled. Helps control bandwidth usage based on priority.

Traffic Shaping Targets

Traffic shaping can be applied to different types of traffic, allowing fine-grained control over flow.

FTP Limit Rule

A rule that restricts the bandwidth for FTP applications running on port 20 and 21. This rule can be applied to a firewall rule to enforce the bandwidth limit.

Traffic Shaping Policy

A traffic shaping policy that sets a bandwidth limit for a specific application or user group.

Bandwidth Limit

The total bandwidth allowed for FTP traffic by the FTP Limit Rule.

Bandwidth Usage Type

A setting in a traffic shaping policy that determines whether bandwidth is shared between users or allocated individually.

FTP Firewall Rule

A firewall rule that allows FTP traffic from the LAN network to the WAN network. This rule targets internal users connecting to external FTP servers.

Shape Traffic Setting

The configuration option within a firewall rule that allows you to apply a traffic shaping policy to the traffic matching the rule. This ensures the policy is enforced on the specific traffic.

User Guarantee Policy

A firewall rule that guarantees a specific minimum bandwidth for certain users to a critical application. This can be applied to a user group to ensure their bandwidth requirements are met.

User Group

A group of users on a firewall that can be used to apply policies to them. Policies are then applied to the group, not to individual users.

User-Based Policy

A traffic shaping policy applied to a user group, ensuring specific users have guaranteed bandwidth for a critical application. This policy would be associated with a user group and applied to the rule that matches their traffic.

Cloud Application User Rule

A firewall rule that allows traffic from a specific user group to a critical business application hosted in the cloud. This rule can be configured with the "Shape traffic" setting to enforce a guarantee for the user group.

Study Notes

Sophos Firewall Network Traffic Shaping

• Sophos Firewall version 19.0v1 is discussed
• The document covers network traffic shaping on Sophos Firewall, including policies for rules and users
• Copyright of the document is reserved by Sophos Limited, 2022
• Sophos and the Sophos logo are registered trademarks of Sophos Limited
• Other names, logos, and marks mentioned may be trademarks or registered trademarks of Sophos Limited or other owners
• Document is subject to change without notice
• Sophos Limited is registered in England, number 2096520. Registered office: The Pentagon, Abingdon Science Park, Abingdon, Oxfordshire, OX14 3YP
• Configuring traffic shaping settings is necessary for traffic shaping policies

Knowledge and Experience

• Understanding traffic shaping settings is required
• Knowing different types of traffic shaping policies is needed

Duration

• The training material on traffic shaping uses 7 minutes

Traffic Shaping Policies

• Traffic shaping policies can be applied to users, firewall rules, web categories, and applications
• Default policy can be configured for traffic without a dedicated policy
• Policies created for traffic shaping are applied to the specified types and cannot be applied elsewhere.

Example 1: Limiting FTP

• Aims to create a policy to limit the bandwidth of FTP applications running on ports 20 and 21
• Users must be able to transfer data via FTP without excessive bandwidth consumption by more critical systems
• 2500 KB/s maximum total FTP bandwidth is the set limit

Example 1: Rule Creation

• A new traffic shaping policy named "FTP Limit Rule" is created. This rule is specifically designed to limit the traffic.
• The rule sets a priority level for processing (0 - Real-time), so this rule is processed before others.
• The limit is set to 2500 KB/s, and the bandwidth usage type is set as "Shared".

Example 1: Applying the Rule

• The created rule needs to be applied to a firewall rule.

Example 2: User Guarantee

• This example addresses the requirement of guaranteed bandwidth for specific users or groups to a critical business application (cloud application).
• The target users are members of a group called "Business Application Users"
• 1000 KB/s guaranteed bandwidth per user is required

Example 2: Policy Creation

• A new policy is created that's user-based and applied to the group.
• The guaranteed traffic priority is set to "Business Critical".
• The bandwidth usage type is set to "Individual"

Chapter Review

• Traffic shaping policies can be applied to users or traffic
• Policies can guarantee or limit traffic
• Policies have priorities which control the processing order

Description

This quiz focuses on network traffic shaping using Sophos Firewall version 19.0v1. It covers various policies related to traffic shaping settings, necessary for effective network management. A basic understanding of traffic shaping is required to successfully answer the questions.