Chapter 5 - Advanced Policy Configuration

Abstract

This chapter deals with advanced policy options. To successfully implement traffic shaping to the exact requirements, each policy implemented must be researched. A poor configuration with traffic shaping can be as bad in some cases as not using traffic shaping at all. This chapter takes a look at the use of guaranteed bandwidth, traffic prioritization, and maximum bandwidth restrictions. These three components of traffic management allow ensuring that the available bandwidth is allocated to the policies that need it. Using counting can help to identify traffic patterns on a per policy basis. This can help identify which policies require more bandwidth and which use less bandwidth. Policies are typically in one of two states, enabled or disabled. When using scheduling it can be used to create schedule objects to specify which times the policies will be enforced and for how long policies are effective. Policy-based authentication forces a user to authenticate before using network resources. Using authentication on a policy not only authenticates the system by requiring the source Internet protocol (IP) address to match the policy, but also forces the user to authenticate to the firewall to ensure the right user is accessing the resources.