6.11 Network Traffic Control Policies
Network traffic control policies regulate client machine network usage to prevent congestion, ensure normal operation across the enterprise, and restrict unauthorized downloads or specific port traffic.
Traffic policies apply to computers, not individual users. Policy attributes include:
| Policy Attribute |
Description |
| Network Address Range |
Specifies the IP address range of communication peers. Default is {All}. Addresses can be added manually or selected from predefined network categories, represented by {…}. |
| Port Range |
Specifies the range of ports used in communication. Default is {All}, including TCP: 0-65535, UDP: 0-65535, ICMP. Custom ports must be prefixed with TCP: or UDP:; otherwise, TCP is assumed. Port ranges can also reference port categories {…}. |
| Traffic Direction |
Defines the flow of network traffic. Outbound traffic from the client is "Sent," inbound traffic is "Received." Sent + Received = Total traffic. |
| Speed Limit |
Sets the maximum traffic rate in KB/s. Not applicable if the policy mode is Unlimited. In Limit mode, exceeding the limit pauses upload/download until average traffic falls below the threshold. In Ignore mode, speed is not limited, but configured actions (alert, warning, lock computer) will trigger if traffic exceeds the limit. |
If the policy mode is Limit, when a client's traffic in the specified IP range, port range, and direction exceeds the set speed limit, uploads/downloads will be paused until the average traffic falls below the limit, effectively controlling the flow.
If the policy mode is Ignore and no action is configured, the speed limit is inactive. If actions such as alert, warning, or lock computer are set, exceeding the speed limit in the specified IP range, port range, and direction will trigger the configured actions, but traffic will not be restricted.
Policy Example 1:
To prevent client machines from unrestricted Internet access that could heavily consume corporate bandwidth and affect overall network performance, a traffic control policy can be applied to specific machines.
Policy Settings:
- Mode: Limit
- Address Range: Internet
- Port Range: Default or specified ports
- Traffic Direction: Selected direction
- Speed Limit: 20 KB/s
Effect: Clients' web access and upload/download speeds are limited to 20 KB/s.
Policy Example 2:
Traffic control policies can also block communication between clients and specific IPs or ports. To prevent FTP downloads:
- Mode: Limit
- IP Address Range: {All}
- Port: TCP:21
- Speed Limit: 0 KB/s
Result: FTP downloads from clients are blocked.
Don't see what you're looking for?
