Adding Rules to the Bandwidth Control Policy


Adding Rules to the Bandwidth Control Policy

Watch a video about Bandwidth Control.

Adding rules to the Bandwidth Control policy is one of the tasks you must complete when configuring the Bandwidth Control policy. For a full list of tasks, see Configuring the Bandwidth Control Policy and see Bandwidth Control Policy Example for a sample policy. When adding a rule for the Bandwidth Control policy, you can add a rule from scratch or copy an existing rule.

You can also define the bandwidth classes that you want to include in the Bandwidth Control policy. This can be done before or while you're adding the rules.

Adding Rules to the Bandwidth Control Policy

You must first enable Bandwidth Control for the location before you can add rules to the Bandwidth Control policy. To learn how to enable Bandwidth Control for a location, see A. Enable Bandwidth Control for the location in Configuring the Bandwidth Control policy.

To add rules to the Bandwidth Control Policy:

  1. Go to Policy Bandwidth Control
  2. Do one of the following:
    • Click Add Bandwidth Control Rule to add a rule from scratch.
      or
    • Click the Duplicate icon to copy an existing rule.
  3. Specify the rule attributes.
    • Rule Order: Policy rules are evaluated in ascending numerical order (Rule 1 before Rule 2, and so on), and the Rule Order reflects this rule’s place in the order. You can change the value, but if you've enabled Admin Rank, your assigned admin rank determines the Rule Order values you can select.
    • Rule Name: Enter a name for the rule. 
    • Admin Rank: Enter a value from 1-7 (1 is the highest rank). Your assigned admin rank determines the values you can select. You cannot select a rank that is higher than your own. The rule's Admin Rank determines the value you can select in Rule Order, so that a rule with a higher Admin Rank always precedes a rule with a lower Admin Rank.
    • Rule Status: An enabled rule is actively enforced. A disabled rule is not actively enforced but does not lose its place in the Rule Order. The service skips it and moves to the next rule.
  4. Specify the criteria:
    • Bandwidth ClassesSelect the bandwidth classes to which you want to apply this rule. You first must add URLs or cloud applications to predefined or custom bandwidth classes. Select any number of bandwidth classes. You can also search for bandwidth classes or click the Add icon to add a new bandwidth class.
    • Locations: Select Any to apply this rule to all locations, or select up to 8 locations. You can search for a location or click the Add icon to add a new location. You must enable Bandwidth Control for these locations and specify the download and upload bandwidth limits for each location.
    • Time: Select Always to apply this rule to all time intervals, or select up to two time intervals. You can also search for a time interval or click the Add icon to add a new time interval.
    • Protocols: If you have the Cloud Firewall subscription, select the protocols to which the rule applies.
      • FTP over HTTP: Bandwidth from FTP over HTTP websites. (Requires the Cloud Firewall subscription.)
      • HTTP: Bandwidth from HTTP websites.
      • HTTPS: Bandwidth from HTTP websites encrypted by TLS/SSL.
      • Native FTP: Bandwidth from native FTP servers. (Requires the Cloud Firewall subscription.)
      • SSL: Bandwidth from SSL traffic that isn't decrypted. For example, bandwidth from hosts you've exempted from SSL inspection.
      • Tunnel: Bandwidth from unidentified encrypted traffic. For example, bandwidth from tunneling applications (e.g., Telnet or SSH) that are encapsulated in HTTP or HTTPS.
  5. Specify the action:
    • Min. BandwidthSelect the minimum percentage of a location’s bandwidth you want to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.
    • Max. BandwidthSelect the maximum percentage of a location’s bandwidth you want to be guaranteed for each selected bandwidth class. This percentage includes bandwidth for uploads and downloads.
  6. In the Description field, optionally enter additional notes or information. The description cannot exceed 10,240 characters.
  7. Click Save and activate the change.

The Bandwidth Control policy has two predefined rules that you can edit or delete, and a default rule that you can edit but not delete. You can also edit or delete any administrator-defined rule.

To see how this policy fits into the overall order of policy enforcement, see How does the Zscaler service enforce policies?