cancel
Showing results for 
Search instead for 
Did you mean: 
rbarboza
Level 7

control the bandwidth in the web gateway

Hi

Anyone know how I can control the bandwidth in the web gateway 7.3

thanks

0 Kudos
7 Replies
eelsasser
Level 15

Re: control the bandwidth in the web gateway

You use the Throttle Server(nnn) event

https://community.mcafee.com/thread/37447

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23273/en_US/...

Also, on 7.3.2, there will be support for DSCP marking of specific traffic so you can coursely prioritizes QoS.

0 Kudos
itsec
Level 7

Re: control the bandwidth in the web gateway

Hi Erik,

Do you have any more information about this new feature you can pass on?

I'm looking at some problems we have accessing a certain site (search.cnipr.com) and would like to know if this feature would help prioritise traffic to the site - I don't think the exisiting throttling will achieve the desired effect. 

Testing indicates that it seems to be the website that is most at issue (significantly slows down in the afternoon when I guess US internet users are accessing it) and cannot handle the traffic but I'd like to see if there's anything I can do with the MWG.

I have noticed that if I use a speedcheck tool to measure download speed, the speed is approx half going through the proxy then if I bypass it.  Of course I realise that there are other factors involved here and will be consulting our network service guys to see if there's anything they can do also eg VLAN QoS etc.

Thanks

0 Kudos
btlyric
Level 12

Re: control the bandwidth in the web gateway

If you are asking about the DSCP feature, I can provide a bit of input.

7.3.2 beta adds the feature to set a DSCP flag on traffic. As with any other rule, you can set whatever criteria you want to trigger the rule and then set the DSCP flag via Events.

So, for example, you could create a rule that identifies traffic to Social Networking sites and set a DSCP flag that your routers will understand to mean to de-prioritize that traffic.Or prioritize the traffic if that's what you want.

Another angle -- if you're dealing with a website with slow response, you may want to enable Extended Timeout for that specific destination. For example, I have a rule that uses this criteria:

URL.Destination.IP is in range list Extended Timeout OR

URL.Host is in list Extended Timeout Host

If that rule is activated, Event Enable Proxy Control <Extended Timeout> is applied.

The Extended Timeout config has the checkbox for Change timeout value selected and a subsequent Connection timeout value that exceeds the default (which I think is something like 120 seconds). We had a remote system that was generating reports that took over 2 minutes to complete, so it is now part of the Extended Timeout group.

satbir
Level 7

Re: control the bandwidth in the web gateway

Wow! DSCP marking in MWG! Can't wait to test out this feature! 

Regards,

Satbir

0 Kudos
itsec
Level 7

Re: control the bandwidth in the web gateway

Hi btlyric,

Thanks for the info re DSCP.  After further testing we've discovered that it's an external problem as we bypassed the proxy and created simple packet filters for that host on the firewall but there was no change.  We have a proxy in the far east so I configured my browser to use this one (same version as my normal proxy) and performance was vastly improved.

I like the tip on timeouts although I don't think in this instance it would have changed anything.

For the time being I will see if we can configure the users to use a different browser configured to the far east proxy.  More long-term I would imagine that I could create a rule set that identifies a request for the site and routes it through the far east proxy without configuring an extra browser.

Something like:

URL.Host is inlist [wildcardlist for *.cnipr.com]

Action: continue

Event: enable next hop proxy

although I don't seem to be having much success initiailly...tcpdump shows that tcp is being fwded to the next hop proxy but I'm getting a http 502 bad gateway error/ MWG bad response "the proxy did not receive a valid response in time".

need to do some testing!

0 Kudos
itsec
Level 7

Re: control the bandwidth in the web gateway

looks like it's an authentication issue.

If I'm using ntlm authentication against AD, how does the authentication pass to the next hop proxy.  My redirect rule is in with the standard global whitelist rule set which is after authentication > site review template > troubleshooting > global whitelist

Thanks

0 Kudos
yerkogofes
Level 7

Re: control the bandwidth in the web gateway

Perhaps i need the same configuration...

I need to limit consumption of BW of different user groups (3 groups GOLD, SILVER, BRONZE).

We have national BW = 100 Mbps and 40 Mbps BW = International

This may be limited by user privileges?

For example:

USER GOLD :user must use 100% of capacity to the Link

USER SILVER: user must use 50% of capacity to the link

USER BRONZE: user must use 30% of capacity to the link

It´s possible?

0 Kudos