[AF] Bandwidth Management does not take effect on AF, but works without problems when the Bandwidth Management configuration is transferred to AC
Problem Description
Original topology
External network export load -- test AF -- Critical -- intranet -- users and Services
|
dmz
The network topology after customer implementation is:
External network export load -- official AF -- AC -- Critical -- intranet -- users and Services
|
dmz
The test AF is deployed in hybrid mode between the egress and the Critical, and it mainly carries the application control policies and Bandwidth Management. Bandwidth Management was previously configured on the AF. During the test, the Bandwidth Management policy was matched when the external network accessed the server, but it did not take effect when internal network users accessed the server. When the AF's Bandwidth Management configuration was transferred to the AC for testing, it worked without problems.
Root cause
When the portal in the DMZ is accessed from the external network, the data direction is from WAN to DMZ, and local Bandwidth Management takes effect on the WAN attribute, so the policy is matched. When internal network users access the DMZ zone, the data direction is from LAN to DMZ. Local Bandwidth Management still takes effect only on the WAN attribute, and this path does not cross an interface with that attribute, so the policy is not matched.
Solution
In the Bandwidth Management policies, configure a guaranteed flow control channel from the intranet database to the portal website in the DMZ zone. The specific operations are as follows:
① Operation path, taking the standard version AF7.3 as an example:
- In [Network Configuration] – [Interfaces/Zones], check the WAN attribute on the corresponding DMZ interface
- Configure virtual lines and virtual line rules in [Traffic Management] – [Virtual Line Configuration]
- Configure the corresponding guaranteed Bandwidth Channel and restricted channel in [Traffic Management] – [Channel Configuration]
② Operation path, taking the standard version AF7.4 as an example:
- In [Network] – [Interfaces/Zone], check the WAN Network Zones for the corresponding DMZ interface
- Configure virtual lines and virtual line rules in [Policy] – [Traffic Management] – [Virtual Line Configuration]
- Configure the corresponding Policies channel and restricted channel in [Policy] – [Traffic Management] – [Limited channel]
Suggestions and Conclusion
Although the policies remained unchanged after the customer's network transformation, the direction of data flow must be considered, and the subtle differences between the original topology and the current one must be analyzed in detail.
When a problem occurs, analyze the business access principle and the access relationships involved in order to locate the problem quickly.
Original Link
https://support.sangfor.com.cn/cases/list?product_id=13&type=1&category_id=678&isOpen=true