beautypg.com

Using an application control rule set – Amer Networks E5Web GUI User Manual

Page 210

background image

been authenticated by cOS Core and are one of the usernames specified for the rule or
belong to one of the specified groups.

For a Deny rule, the requesting client is denied the connection if they are authenticated and
are one of the usernames specified or belong to one of the specified groups.

Authentication may have performed using any of the methods available in cOS Core
Authentication Rule objects, including Identity Awareness.

If no groups or usernames are specified in the rule, authentication is ignored.

Traffic Shaping Settings

Predefined cOS Core Pipe objects can be associated with the rule so the bandwidth limit
specified by pipe objects can be placed on the either direction of data flow or both.

This feature therefore allows bandwidth limits to be placed on a given application and, if
used in conjunction with the authentication setting, on particular users or user groups using
that application.

Traffic shaping is only relevant if the Application Control Rule has an action of Allow.

Example 3.27. Using an Application Control Rule Set

Assume that an IP Policy object called lan_to_wan_policy has already been defined that allows
connections from a protected internal network to the public internet.

This example will limit the usage by the user called rogue_user to 0.25 Megabit of bandwidth for
both uploading and downloading of data using BitTorrent. Let's assume that a Pipe object called
narrow_025_pipe has already been defined in cOS Core that permits this data flow.

It is assumed that all clients on the local network that access the Internet must be authenticated.

Command-Line Interface

First, the appcontrol command is used to create a filter for BitTorrent. This should also include the
uTP protocol:

Device:/> appcontrol -filter -application=bittorrent,utp -save_list

Assume that this filter list is the third filter list created and is therefore assigned the list number 3.
All filters can be displayed with the command:

Device:/> appcontrol -show_lists

Next, create an ApplicationRuleSet called bt_app_list:

Device:/> add Policy ApplicationRuleSet bt_app_list

DefaultAction=Allow

Then, change the CLI context to be bt_app_list:

Device:/> cc Policy ApplicationRuleSet bt_app_list

Device:/bt_app_list>

Chapter 3: Fundamentals

210

This manual is related to the following products:
See also other documents in the category Amer Networks Computer Accessories: