CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.

Tim Hall has done it yet again - That's right, the 3rd edition is here!
You can read his announcement post here.
It's a massive upgrade focusing on current versions, and well worth checking out. -E


Results 1 to 2 of 2

Thread: Bandwidth limits for various networks

  1. #1
    Join Date
    Rep Power

    Default Bandwidth limits for various networks


    I am looking to implement this scenario within the next few weeks and i just wondered if anyone had any experience or tips/ideas on it.

    I am going to have a site which will contain different clients all of whom are not related in any way, but will require internet access etc... They will all be in plug and play offices whereby they connect up to the nearest ethernet port in their office and are dropped onto their own VLAN which will provide them with DHCP and routing out the internet, through a Check Point.

    Each client will be charged for bandwidth, for instance most will pay for 2Mbps - i was hoping that by defining their network on the Check Point, i could utilise QoS to limit all services to them and from them out to the internet. However...

    I want to make certain that the internetwork traffic is not limited, only traffic bound for the internet and from the internet, i want local traffic to be untouched.

    I will upload a pic of the QoS configuration i have thought of, i just wondered if people have some practical advice on the subject?


  2. #2
    Join Date
    Luxembourg, Luxembourg
    Rep Power

    Default Re: Bandwidth limits for various networks

    In such scenario, you need to set limit rules per existing subnet from which DHCP scopes are taken. Each subnet will represent a certain level of service that you translate into a per-connection bandwidth limit. It should get the job done. To make sure this limitation does not impact your internal to internal networks, just apply the QoS to the external interfaces only or create bypass rules for the internal to internal traffic (1st solution is recommended).

    Just recall that QoS-1 is pretty much dying : It will deactivate CoreXL / SecureXL on your gateway so make sure the performance is sufficient for your needs.

Similar Threads

  1. Massively Increased Size Limits for Attached Files
    By Barry J. Stiefel in forum About This Discussion Board
    Replies: 0
    Last Post: 2011-04-16, 13:36
  2. Connection limits on different platforms
    By wiz999 in forum Miscellaneous
    Replies: 1
    Last Post: 2010-11-10, 10:54
  3. Bandwidth Allocation
    By Abrahim Mathai in forum Management High Availability
    Replies: 3
    Last Post: 2009-09-08, 14:53
  4. Rulebase "size" Limits
    By MoreBeer in forum Clustering (Security Gateway HA and ClusterXL)
    Replies: 17
    Last Post: 2008-10-08, 22:26
  5. Replies: 16
    Last Post: 2008-01-04, 07:26

Tags for this Thread


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts